Server-Side Request Forgery Vulnerability in Bitdefender GravityZone
CVE-2025-2245
What is CVE-2025-2245?
A server-side request forgery vulnerability has been identified in the Bitdefender GravityZone Update Server when it runs in Relay Mode. The HTTP proxy on port 7074 implements an allowlist to control outbound requests; however, it inadequately filters hostnames that contain null-byte sequences (%00). This flaw could allow an attacker to craft a request targeting a malicious domain such as evil.com%00.bitdefender.com, bypassing the allowlist check. As a result, the proxy could forward requests to unintended external or internal destinations, exposing those systems to further attack.
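To make the failure mode concrete from a defender's side, the following is an added example (constructed for this page, not Bitdefender's code) that models a suffix-based hostname allowlist beside a hardened one. The allowlist suffix `.bitdefender.com`, the function names and the idea that the downstream connection uses a C-style string truncated at the first NUL are all assumptions for illustration; the point is that a check which only inspects the percent-decoded suffix can disagree with the host that is actually connected to, while a check that validates the whole name against the hostname grammar rejects the input outright.

```python
"""Hostname allowlist check: a weak suffix check beside a hardened one.

Constructed example (not Bitdefender code). Shows how a percent-decoded
hostname containing %00 can satisfy a suffix-only allowlist while the
effective host used for the connection is something else entirely.
"""
import re
from urllib.parse import unquote

# Assumed allowlist shape: any host under this suffix is permitted.
ALLOWED_SUFFIXES = (".bitdefender.com",)

# RFC 1123 label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def effective_host(raw_host: str) -> str:
    """Host a NUL-terminated string API would actually use: everything before
    the first NUL byte after percent-decoding (assumed behaviour for the model)."""
    decoded = unquote(raw_host)
    return decoded.split("\x00", 1)[0]


def weak_is_allowed(raw_host: str) -> bool:
    """Weak check: percent-decode and compare the suffix only.
    An embedded NUL does not stop the suffix from matching."""
    decoded = unquote(raw_host)
    return any(decoded.endswith(suffix) for suffix in ALLOWED_SUFFIXES)


def hardened_is_allowed(raw_host: str) -> bool:
    """Hardened check: decode, reject anything outside the hostname grammar
    (control bytes, non-ASCII, bad labels), then compare the whole name."""
    decoded = unquote(raw_host).rstrip(".").lower()
    # Reject control bytes (including NUL) and non-ASCII before structural parsing.
    if not decoded.isascii() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    if not decoded or len(decoded) > 253:
        return False
    labels = decoded.split(".")
    if not all(_LABEL.match(label) for label in labels):
        return False
    # Exact match on the bare domain, or a proper subdomain of it.
    return any(decoded == suffix.lstrip(".") or decoded.endswith(suffix)
               for suffix in ALLOWED_SUFFIXES)


def audit(raw_host: str) -> dict:
    """Return the effective host alongside both verdicts, so the divergence
    between the weak and hardened checks is visible in one place."""
    return {
        "effective_host": effective_host(raw_host),
        "weak": weak_is_allowed(raw_host),
        "hardened": hardened_is_allowed(raw_host),
    }


if __name__ == "__main__":
    for host in ("download.bitdefender.com", "evil.com%00.bitdefender.com",
                 "evilbitdefender.com"):
        print(host, audit(host))
```

The `audit` output for the page's example input shows the weak check returning allowed while the effective host is `evil.com`; the hardened check refuses it because a NUL byte is not part of any valid hostname. Rejecting the input before matching is what closes this class of bypass, rather than trying to special-case `%00`.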

Affected Version(s)
GravityZone Update Server, all versions before 3.5.2.689
