CVE-2025-2245

Published: Apr 4, 2025

Modified: Apr 4, 2025

PUBLISHED

Description

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.

Vendor	Product	Versions
Bitdefender	GravityZone Update Server	affected `0 - < 3.5.2.689`

Weaknesses (CWE)

CWE-918

References

https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-2245

Description

Affected Products

Weaknesses (CWE)

References