Bitdefender GravityZone Console vulnerabilities
2 known vulnerabilities affecting bitdefender/gravityzone_console.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-2244 [CRITICAL] CWE-502
P3, CVSS 9.8, fixed in 6.41.2-1, 2025-04-04
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host syst
nvd
CVE-2025-2243 [HIGH] CWE-918
P3, CVSS 7.3, fixed in 6.41.2-1, 2025-04-04
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
nvd