
144 matches found

RedhatCVE
added 2025/04/06 10:39 a.m. | 17 views

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

6.9 CVSS | 7.1 AI score | 0.00343 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/04/06 10:30 a.m. | 17 views

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...

9.5 CVSS | 7.5 AI score | 0.01017 EPSS
Exploits 0 | References 3

OSV
added 2025/04/04 10:15 a.m. | 2 views

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

7.3 CVSS | 5.9 AI score
Exploits 0 | References 1

OSV
added 2025/04/04 10:15 a.m. | 3 views

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00)...

5.3 CVSS | 5.9 AI score
Exploits 0 | References 1

NVD
added 2025/04/04 10:15 a.m. | 7 views

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

7.3 CVSS | 0.00343 EPSS
Exploits 0 | References 1

NVD
added 2025/04/04 10:15 a.m. | 7 views

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00)...

6.9 CVSS | 0.00276 EPSS
Exploits 0 | References 1

CVE
added 2025/04/04 9:54 a.m. | 68 views

CVE-2025-2245

CVE-2025-2245 describes an SSRF in Bitdefender GravityZone Update Server when in Relay Mode. The HTTP proxy on port 7074 uses a domain allowlist but fails to sanitize hostnames containing null-byte sequences (e.g., evil.com%00.bitdefender.com), allowing an attacker to bypass the allowlist and for...

6.9 CVSS | 6.7 AI score | 0.00276 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/04/04 9:54 a.m. | 10 views

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00)...

6.9 CVSS | 7.3 AI score | 0.00276 EPSS
Exploits 0 | References 1

Cvelist
added 2025/04/04 9:54 a.m. | 16 views

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00)...

6.9 CVSS | 0.00276 EPSS
Exploits 0 | References 1

CVE
added 2025/04/04 9:53 a.m. | 59 views

CVE-2025-2243

Bitdefender GravityZone Console (GravityZone Console) is affected by CVE-2025-2243, an SSRF vulnerability where an attacker may bypass input validation by using leading characters in DNS requests. The issue affects GravityZone Console versions before 6.41.2.1. Root cause: flawed input validation ...

7.3 CVSS | 6.7 AI score | 0.00343 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/04/04 9:53 a.m. | 17 views

CVE-2025-2243 SSRF in GravityZone Console via DNS Truncation (VA-12634)

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

6.9 CVSS | 0.00343 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/04/04 9:53 a.m. | 4 views

CVE-2025-2243 SSRF in GravityZone Console via DNS Truncation (VA-12634)

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

6.9 CVSS | 7.3 AI score | 0.00343 EPSS
Exploits 0 | References 1

CVE
added 2025/04/04 9:52 a.m. | 101 views

CVE-2025-2244

CVE-2025-2244 affects Bitdefender GravityZone Console, via the vulnerable sendMailFromRemoteSource method in Emails.php that unserializes user input without validation. This enables PHP object injection, leading to a file write and arbitrary command execution on the host, per multiple sources. In...

9.8 CVSS | 7.1 AI score | 0.01017 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/04/04 9:52 a.m. | 17 views

CVE-2025-2244 Insecure PHP deserialization issue in GravityZone Console (VA-12634)

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...

9.5 CVSS | 0.01017 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/04/04 9:52 a.m. | 10 views

CVE-2025-2244 Insecure PHP deserialization issue in GravityZone Console (VA-12634)

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...

9.5 CVSS | 7.7 AI score | 0.01017 EPSS
Exploits 0 | References 1

CNNVD
added 2025/04/04 12:00 a.m. | 3 views

Bitdefender GravityZone Console Code Issue Vulnerability

Bitdefender GravityZone Console is a centralized cybersecurity management platform from Bitdefender Romania, designed to provide organizations with full visibility and control over their security infrastructure. A code issue vulnerability exists in Bitdefender GravityZone Console versions prior t...

7.3 CVSS | 7.2 AI score | 0.00343 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/04/04 12:00 a.m. | 5 views

PT-2025-14874 · Bitdefender · Bitdefender Gravityzone Console

Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Console (affected versions not specified)
Description: A vulnerability exists in the sendMailFromRemoteSource method in Emails.php, which unsafely uses the php unserialize function on user-supplied input without...

9.8 CVSS | 9.4 AI score | 0.01017 EPSS
Exploits 0 | References 11

CNNVD
added 2025/04/04 12:00 a.m. | 2 views

Bitdefender GravityZone Console Code Issue Vulnerability

Bitdefender GravityZone Console is a centralized cybersecurity management platform from Bitdefender Romania, designed to provide organizations with full visibility and control over their security infrastructure. A code issue vulnerability exists in Bitdefender GravityZone Console versions prior t...

9.8 CVSS | 9.5 AI score | 0.01017 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/04/04 12:00 a.m. | 6 views

PT-2025-14875 · Bitdefender · Bitdefender Gravityzone Update Server

Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Update Server (affected versions not specified)
Description: A server-side request forgery (SSRF) issue exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 707...

6.9 CVSS | 6.6 AI score | 0.00276 EPSS
Exploits 0 | References 8

Positive Technologies
added 2025/04/04 12:00 a.m. | 4 views

PT-2025-14873 · Bitdefender · Bitdefender Gravityzone Console

Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Console versions prior to 6.41.2.1
Description: A server-side request forgery (SSRF) issue allows an attacker to bypass input validation logic using leading characters in DNS requests. This could potentially be used for...

7.3 CVSS | 7.6 AI score | 0.00343 EPSS
Exploits 0 | References 7