CVE-2025-2243
SSRF in GravityZone Console via DNS Truncation (VA-12634)
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
0Exploited in Wild
-Decision
Descriptions
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
Una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Console permite a un atacante eludir la lógica de validación de entrada mediante caracteres iniciales en las solicitudes DNS. Junto con otras posibles vulnerabilidades, esta omisión podría utilizarse para la ejecución de código de terceros. Este problema afecta a la consola GravityZone anterior a la versión 6.41.2.1.
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2025-03-12 CVE Reserved
- 2025-04-04 CVE Published
- 2025-04-04 CVE Updated
- 2025-04-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
- CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|