CVE-2025-2243

HIGH

Bitdefender GravityZone < 6.41.2-1 - Server-Side Request Forgery via DNS Truncation Bypass

Title source: llm
STIX 2.1

Description

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.

References (1)

Core 1

Scores

CVSS v3 7.3
EPSS 0.0030
EPSS Percentile 21.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (1)
bitdefender/gravityzone < 6.41.2-1
Published Apr 04, 2025
Tracked Since Feb 18, 2026