Server-Side Request Forgery Vulnerability in Bitdefender GravityZone Console
CVE-2025-2243

6.9MEDIUM

Key Information:

Vendor: Bitdefender
Status: Gravityzone Console
Vendor: CVE Published:; 4 April 2025

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2025-2243?

A security vulnerability present in Bitdefender GravityZone Console enables attackers to exploit server-side request forgery (SSRF) through the use of leading characters in DNS requests. This flaw affects versions prior to 6.41.2.1 and can allow malicious actors to bypass input validation mechanisms, potentially leading to the execution of unauthorized commands or third-party code when combined with other vulnerabilities.

Affected Version(s)

GravityZone Console 0 < 6.41.2-1

References

https://www.bitdefender.com/support/security-advisories/s...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

Nicolas Verdier (@n1nj4sec)