A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
Metrics
Affected Vendors & Products
References
History
Wed, 30 Jul 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bitdefender
Bitdefender gravityzone |
|
CPEs | cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bitdefender
Bitdefender gravityzone |
|
Metrics |
cvssV3_1
|
Fri, 04 Apr 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 04 Apr 2025 10:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1. | |
Title | SSRF in GravityZone Console via DNS Truncation (VA-12634) | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Bitdefender
Published: 2025-04-04T09:53:25.476Z
Updated: 2025-04-04T14:21:05.194Z
Reserved: 2025-03-12T11:14:04.233Z
Link: CVE-2025-2243

Updated: 2025-04-04T14:21:00.738Z

Status : Analyzed
Published: 2025-04-04T10:15:16.313
Modified: 2025-07-30T19:04:20.947
Link: CVE-2025-2243

No data.