Gravityzone

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-2244 CRITICAL Act Now

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization Gravityzone
NVD
CVSS 4.0
9.5
EPSS
1.9%
CVE-2025-2243 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 4.0
6.9
EPSS
0.8%
CVE-2025-2244
EPSS 2% CVSS 9.5
CRITICAL Act Now

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization Gravityzone
NVD
CVE-2025-2243
EPSS 1% CVSS 6.9
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy