CVE-2025-0431
Published: 2025-03-19
Priority: P4 34
CVSS 3.1: 5.8 (medium), vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.39% (30.3th percentile)
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proofpoint | enterprise_protection | >= 8.18.6 < patch 5113 | patch 5113 |
| proofpoint | enterprise_protection | >= 8.20.6 < patch 5114 | patch 5114 |
| proofpoint | enterprise_protection | >= 8.21.0 < patch 5115 | patch 5115 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.