Three vulnerabilities—CVE-2025-2975, CVE-2025-2976, and CVE-2025-2977—that allow remote access to the user interface and document processing functionalities in the global email system “GFI KerioConnect” have been discovered by the Special Communication and Information Security State Service, APA-Economics reports.
The identified vulnerabilities have been officially confirmed and registered in the National Vulnerability Database (NVD) of the U.S. National Institute of Standards and Technology (nist.gov) under the same identification codes: CVE-2025-2975, CVE-2025-2976, and CVE-2025-2977.
The provider of the mentioned email service—U.S.-based software company GFI Software, headquartered in Texas—has been informed of these vulnerabilities.
For reference, GFI Software has been operating since 1992 and has offices in the U.S., the U.K., Germany, the Czech Republic, and other countries. Its products are used by over 60,000 organizations and institutions worldwide.
https://nvd.nist.gov/vuln/detail/CVE-2025-2975