Azerbaijan’s Special Communication Service Uncovers Security Flaws in GFI KerioConnect

Baku: Azerbaijan’s Special Communication and Information Security Service has identified three security vulnerabilities in the global email system ‘GFI KerioConnect’.

According to Azeri-Press News Agency, the vulnerabilities, identified as CVE-2025-2975, CVE-2025-2976, and CVE-2025-2977, allow remote access to the user interface and document processing functionalities. These vulnerabilities have been officially confirmed and registered in the National Vulnerability Database (NVD) of the U.S. National Institute of Standards and Technology (nist.gov).

The U.S.-based software company GFI Software, which provides the email service, has been informed of these vulnerabilities. GFI Software, headquartered in Texas, has been operational since 1992 and maintains offices in several countries, including the U.S., the U.K., Germany, and the Czech Republic. Its products are utilized by over 60,000 organizations and institutions worldwide.