Server-Side Request Forgery Vulnerability in Bitdefender GravityZone Console
CVE-2025-2243

6.9MEDIUM

Key Information:

Vendor

Bitdefender

Status
Gravityzone Console
Vendor
CVE Published:
4 April 2025

What is CVE-2025-2243?

A security vulnerability present in Bitdefender GravityZone Console enables attackers to exploit server-side request forgery (SSRF) through the use of leading characters in DNS requests. This flaw affects versions prior to 6.41.2.1 and can allow malicious actors to bypass input validation mechanisms, potentially leading to the execution of unauthorized commands or third-party code when combined with other vulnerabilities.

Affected Version(s)

GravityZone Console 0 < 6.41.2-1

References

https://www.bitdefender.com/support/security-advisories/s...

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nicolas Verdier (@n1nj4sec)
JSON
.
CVE-2025-2243 : Server-Side Request Forgery Vulnerability in Bitdefender GravityZone Console