CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.

CVSS

No CVSS.

References

Link	Resource
https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634

Configurations

No configuration.

History

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Console permite a un atacante eludir la lógica de validación de entrada mediante caracteres iniciales en las solicitudes DNS. Junto con otras posibles vulnerabilidades, esta omisión podría utilizarse para la ejecución de código de terceros. Este problema afecta a la consola GravityZone anterior a la versión 6.41.2.1.

04 Apr 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-04 10:15

Updated : 2025-04-07 14:18

NVD link : CVE-2025-2243

Mitre link : CVE-2025-2243

CVE.ORG link : CVE-2025-2243

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-2243", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-04T10:15:16.313", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634", "source": "cve-requests@bitdefender.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code.\u00a0This issue affects GravityZone Console: before 6.41.2.1."}, {"lang": "es", "value": "Una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Console permite a un atacante eludir la l\u00f3gica de validaci\u00f3n de entrada mediante caracteres iniciales en las solicitudes DNS. Junto con otras posibles vulnerabilidades, esta omisi\u00f3n podr\u00eda utilizarse para la ejecuci\u00f3n de c\u00f3digo de terceros. Este problema afecta a la consola GravityZone anterior a la versi\u00f3n 6.41.2.1."}], "lastModified": "2025-04-07T14:18:15.560", "sourceIdentifier": "cve-requests@bitdefender.com"}