CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.

CVSS

No CVSS.

References

Link	Resource
https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646

Configurations

No configuration.

History

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Update Server al operar en modo de retransmisión. El componente proxy HTTP en el puerto 7074 utiliza una lista de permitidos de dominio para restringir las solicitudes salientes, pero no depura correctamente los nombres de host que contienen secuencias de bytes nulos (%00). Al manipular una solicitud a un dominio como evil.com%00.bitdefender.com, un atacante puede eludir la comprobación de la lista de permitidos, lo que provoca que el proxy reenvíe las solicitudes a sistemas externos o internos arbitrarios.

04 Apr 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-04 10:15

Updated : 2025-04-07 14:18

NVD link : CVE-2025-2245

Mitre link : CVE-2025-2245

CVE.ORG link : CVE-2025-2245

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-2245", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-04T10:15:16.740", "references": [{"url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646", "source": "cve-requests@bitdefender.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems."}, {"lang": "es", "value": "Existe una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Update Server al operar en modo de retransmisi\u00f3n. El componente proxy HTTP en el puerto 7074 utiliza una lista de permitidos de dominio para restringir las solicitudes salientes, pero no depura correctamente los nombres de host que contienen secuencias de bytes nulos (%00). Al manipular una solicitud a un dominio como evil.com%00.bitdefender.com, un atacante puede eludir la comprobaci\u00f3n de la lista de permitidos, lo que provoca que el proxy reenv\u00ede las solicitudes a sistemas externos o internos arbitrarios."}], "lastModified": "2025-04-07T14:18:15.560", "sourceIdentifier": "cve-requests@bitdefender.com"}