What is the severity of CVE-2025-2245?

CVE-2025-2245 has been rated as a high severity vulnerability due to its potential exploitation via server-side request forgery.

How do I fix CVE-2025-2245?

To fix CVE-2025-2245, it is recommended to update the Bitdefender GravityZone Update Server to the latest version provided by the vendor.

Which software is affected by CVE-2025-2245?

CVE-2025-2245 affects the Bitdefender GravityZone Update Server when it is operating in Relay Mode.

What kind of vulnerability is CVE-2025-2245?

CVE-2025-2245 is a server-side request forgery (SSRF) vulnerability.

What can an attacker achieve by exploiting CVE-2025-2245?

An attacker exploiting CVE-2025-2245 could make unauthorized outbound requests from the affected server, potentially accessing sensitive resources.

Vulnerability/
CVE-2025-2245

medium

6.9

CWE

918

4/4/2025

7/4/2025

CVE-2025-2245: Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

First published: Fri Apr 04 2025(Updated: )

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.

Credit: cve-requests@bitdefender.com

Affected Software	Affected Version	How to fix
Bitdefender GravityZone

Remedy

An automatic update to version 3.5.2.689 fixes the issue.

Never miss a vulnerability like this again

Reference Links

https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646

Frequently Asked Questions

What is the severity of CVE-2025-2245?
CVE-2025-2245 has been rated as a high severity vulnerability due to its potential exploitation via server-side request forgery.
How do I fix CVE-2025-2245?
To fix CVE-2025-2245, it is recommended to update the Bitdefender GravityZone Update Server to the latest version provided by the vendor.
Which software is affected by CVE-2025-2245?
CVE-2025-2245 affects the Bitdefender GravityZone Update Server when it is operating in Relay Mode.
What kind of vulnerability is CVE-2025-2245?
CVE-2025-2245 is a server-side request forgery (SSRF) vulnerability.
What can an attacker achieve by exploiting CVE-2025-2245?
An attacker exploiting CVE-2025-2245 could make unauthorized outbound requests from the affected server, potentially accessing sensitive resources.

collector/mitre-cve
source/MITRE
agent/remedy
agent/title
agent/weakness
agent/first-publish-date
agent/references
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/last-modified-date
agent/source
agent/severity
agent/tags
agent/event
vendor/bitdefender
canonical/bitdefender gravityzone

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.