CVE-2025-2243

Medium CVSS: 6.9

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.

Vendor

Bitdefender

Product

Gravityzone

CWE

CWE-918

Yayın Tarihi

2025-04-04 10:15:16

Güncelleme

2025-07-30 19:04:20

Source Identifier

cve-requests@bitdefender.com

KEV Date Added

Kategoriler

CWE-918 Gravityzone MEDIUM Bitdefender 2025

Referanslar

https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634

Benzer Kayıtlar

High

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privil…

Medium

CVE-2025-5317

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 a…

Critical

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafel…

Medium

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in…

Critical

CVE-2024-13871

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (fir…

Critical

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Int…