CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:*:*:*:*

History

30 Jul 2025, 19:04

Type Values Removed Values Added
CPE cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.3
First Time Bitdefender
Bitdefender gravityzone
References () https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634 - () https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634 - Vendor Advisory

07 Apr 2025, 14:18

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Console permite a un atacante eludir la lógica de validación de entrada mediante caracteres iniciales en las solicitudes DNS. Junto con otras posibles vulnerabilidades, esta omisión podría utilizarse para la ejecución de código de terceros. Este problema afecta a la consola GravityZone anterior a la versión 6.41.2.1.

04 Apr 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-04 10:15

Updated : 2025-07-30 19:04


NVD link : CVE-2025-2243

Mitre link : CVE-2025-2243

CVE.ORG link : CVE-2025-2243


JSON object : View

Products Affected

bitdefender

  • gravityzone
CWE
CWE-918

Server-Side Request Forgery (SSRF)