CVE-2025-0431
published 2025-03-19


Priority: P4 34
Severity: medium, 5.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.39% (30.3th percentile)
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
proofpoint | enterprise_protection | >= 8.18.6 < patch 5113 | patch 5113
proofpoint | enterprise_protection | >= 8.20.6 < patch 5114 | patch 5114
proofpoint | enterprise_protection | >= 8.21.0 < patch 5115 | patch 5115