CVE-2025-2244

Critical CVSS: 9.5

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.

Vendor

Bitdefender

Product

Gravityzone

CWE

CWE-502

Yayın Tarihi

2025-04-04 10:15:16

Güncelleme

2025-07-30 19:04:47

Source Identifier

cve-requests@bitdefender.com

KEV Date Added

Kategoriler

CWE-502 Gravityzone CRITICAL Bitdefender 2025

Referanslar

http://bitdefender.com/support/security-advisories/insecure-php-deserialization-issue-in-gravityzone-console-va-12634

Benzer Kayıtlar

High

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privil…

Medium

CVE-2025-5317

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 a…

Medium

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input…

Medium

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in…

Critical

CVE-2024-13871

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (fir…

Critical

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Int…