GFI — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting GFI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GFI develops IT software solutions for network security and management. Its products, such as endpoint protection and email security, have historically been affected by remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The software has accumulated 15 CVEs, several of them critical flaws allowing unauthorized system access. In 2020, a cross-site scripting vulnerability in the web-based console could enable attacker-controlled script execution. The company has faced criticism for inconsistent patch management, with some vulnerabilities remaining unaddressed for extended periods. Its products remain widely deployed in SMB environments, making them persistent targets for exploitation despite security improvements in recent years.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2039 | GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability | Archiver | CWE-862 | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-2036 | GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability | Archiver | CWE-502 | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2026-2038 | GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability | Archiver | CWE-862 | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-2037 | GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability | Archiver | CWE-502 | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2025-35940 | Hard-coded ArchiverSpaApi JWT Signing Key | Archiver | CWE-798 | 8.1 | High | 2025-06-10 |
| CVE-2025-34491 | GFI MailEssentials < 21.8 MultiNode Insecure Deserialization | MailEssentials | CWE-502 | 8.8 | High | 2025-04-28 |
| CVE-2025-34490 | GFI MailEssentials < 21.8 XXE Arbitrary File Read | MailEssentials | CWE-611 | 6.5 | Medium | 2025-04-28 |
| CVE-2025-34489 | GFI MailEssentials < 21.8 Local Privilege Escalation | MailEssentials | CWE-502 | 7.8 | High | 2025-04-28 |
| CVE-2025-2977 | GFI KerioConnect PDF File cross site scripting | KerioConnect | CWE-79 | 3.5 | Low | 2025-03-31 |
| CVE-2025-2976 | GFI KerioConnect File Upload cross site scripting | KerioConnect | CWE-79 | 3.5 | Low | 2025-03-31 |
| CVE-2025-2975 | GFI KerioConnect Signature EditHtmlSource cross site scripting | KerioConnect | CWE-79 | 3.5 | Low | 2025-03-31 |
| CVE-2024-52875 | GFI Kerio Control Security Vulnerability | Kerio Control | CWE-113 | 8.8 | High | 2025-01-31 |
| CVE-2024-11949 | GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability | Archiver | CWE-502 | 8.8 | - | 2024-12-11 |
| CVE-2024-11948 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability | Archiver | CWE-1395 | 9.8 | - | 2024-12-11 |
| CVE-2024-11947 | GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability | Archiver | CWE-502 | 8.8 | - | 2024-12-11 |

This page lists every published CVE security advisory associated with GFI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.