Proofpoint Enterprise Protection URL Rewrite Bypass Vulnerability

Vulnerability

A vulnerability exists in Proofpoint Enterprise Protection's URL rewriting process, allowing an unauthenticated remote attacker to send emails that bypass URL protections. This flaw, which impacts the integrity of the recipient's email, arises from inadequate filtering of backslashes in URLs. The vulnerability affects all versions of 8.21, 8.20, and 8.18 prior to their respective patched releases.
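As an added illustration (not Proofpoint's code and not part of the advisory), the Python check below flags links in a message whose scheme separator, host or path contains a backslash, which browsers treat as a forward slash in http(s) URLs under the WHATWG URL Standard. The advisory does not state the exact URL form affected; the regex, function names and sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# http(s) scheme followed by any mix of "/" and "\", then the rest of the link.
LINK_RE = re.compile(r"""https?:[/\\]+[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample message (not taken from the advisory).
SAMPLE = r"""From: sender@example.test
To: rcpt@example.test
Subject: constructed sample
Content-Type: text/plain; charset=utf-8

Normal link: https://example.test/a
Odd link: https:\\example.test\b?x=1\2
"""

def normalize(url):
    """Map "\\" to "/" before the query or fragment, as browsers do for http(s)."""
    m = re.search(r"[?#]", url)
    cut = m.start() if m else len(url)
    return url[:cut].replace("\\", "/") + url[cut:]

def suspicious_links(raw_message):
    """Return (original, normalized, host) for links that change when normalized."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, errors="replace")
        for url in LINK_RE.findall(body):
            fixed = normalize(url)
            if fixed != url:
                findings.append((url, fixed, urlsplit(fixed).hostname))
    return findings

if __name__ == "__main__":
    for original, fixed, host in suspicious_links(SAMPLE):
        print(f"backslash link: {original!r} -> {fixed!r} (host {host})")
```

Run over quarantined or journaled mail, a check like this can surface messages delivered before the patched versions were installed that carry links a rewriter may have left untouched.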

Impact

Exploitation of this vulnerability allows for a URL rewrite bypass, undermining URL protections and potentially leading to malicious links being delivered via email.

Remediation

Proofpoint has released patches for this vulnerability in versions 8.18.6 patch 5113, 8.20.6 patch 5114, and 8.21.0 patch 5115. On-premises customers should upgrade to these versions. Proofpoint On-Demand customers do not need to take any action, as the fixes have already been deployed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.