FKIE_CVE-2025-2245

Vulnerability from fkie_nvd - Published: 2025-04-04 10:15 - Updated: 2025-08-21 21:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.
References
cve-requests@bitdefender.comhttps://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646Vendor Advisory
Impacted products
Vendor Product Version
bitdefender gravityzone_update_server *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bitdefender:gravityzone_update_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB7F764-E560-4EBD-BFA6-9C96DB27CD1C",
              "versionEndExcluding": "3.5.2.689",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de server-side request forgery (SSRF) en Bitdefender GravityZone Update Server al operar en modo de retransmisi\u00f3n. El componente proxy HTTP en el puerto 7074 utiliza una lista de permitidos de dominio para restringir las solicitudes salientes, pero no depura correctamente los nombres de host que contienen secuencias de bytes nulos (%00). Al manipular una solicitud a un dominio como evil.com%00.bitdefender.com, un atacante puede eludir la comprobaci\u00f3n de la lista de permitidos, lo que provoca que el proxy reenv\u00ede las solicitudes a sistemas externos o internos arbitrarios."
    }
  ],
  "id": "CVE-2025-2245",
  "lastModified": "2025-08-21T21:46:18.723",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cve-requests@bitdefender.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-04T10:15:16.740",
  "references": [
    {
      "source": "cve-requests@bitdefender.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646"
    }
  ],
  "sourceIdentifier": "cve-requests@bitdefender.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "cve-requests@bitdefender.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.