A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third-party code. This issue affects GravityZone Console versions before 6.41.2.1.
References
Link | Resource |
---|---|
https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634 | Vendor Advisory |
History
30 Jul 2025, 19:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown v3 : 7.3 |
First Time | Bitdefender; Bitdefender gravityzone | |
References | () https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634 - Vendor Advisory |
07 Apr 2025, 14:18
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
04 Apr 2025, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-04 10:15
Updated : 2025-07-30 19:04
NVD link : CVE-2025-2243
Mitre link : CVE-2025-2243
CVE.ORG link : CVE-2025-2243
Products Affected
bitdefender
- gravityzone
CWE
CWE-918
Server-Side Request Forgery (SSRF)