Bitdefender GravityZone Console PHP Object Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A PHP object injection vulnerability has been identified in Bitdefender GravityZone Console versions prior to 6.41.2-1. The issue lies in the 'sendMailFromRemoteSource' method of 'Emails.php', which passes user-supplied input to PHP's unserialize() without validating it first. Because unserialize() instantiates whatever classes the payload names and later triggers their magic methods (such as __wakeup() and __destruct()), an attacker who controls that input can craft a serialized payload that injects objects, executes arbitrary commands on the host system, and writes files without authorization.
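
The sink described above, reduced to a self-contained illustration. This is added example code, not Bitdefender's Emails.php; the LogWriter class, its file-writing destructor, and the two sendMail* functions are hypothetical stand-ins for whatever gadget and sink exist in the real product. The point it makes is the one that matters for remediation: any type check done after unserialize() is too late, because the injected object already exists and its destructor fires regardless, whereas unserialize() with allowed_classes => false never builds a real object at all.

```php
<?php
// Added illustration of a PHP object injection sink and its fix.
// Nothing here is Bitdefender's code; LogWriter and the sendMail* functions are
// hypothetical stand-ins for the gadget and sink in a real application.

// A harmless-looking application class with a magic method: when an instance is
// destroyed it flushes its buffer to a file. This is the "gadget".
class LogWriter
{
    public string $path = '/tmp/app.log';
    public string $buffer = '';

    public function __destruct()
    {
        // Becomes an unauthorized file write once the attacker controls both fields.
        file_put_contents($this->path, $this->buffer);
    }
}

// Vulnerable sink: unserialize() on untrusted input. PHP instantiates any class
// named in the payload, so the attacker can plant a LogWriter. The is_array()
// check below does not help: the object is already alive, and its __destruct()
// runs when $mail goes out of scope on return.
function sendMailVulnerable(string $remoteMessage): bool
{
    $mail = unserialize($remoteMessage);            // VULNERABLE
    if (!is_array($mail)) {
        return false;                               // too late, gadget already constructed
    }
    // ... build and send the mail from $mail['to'] and $mail['body'] ...
    return true;
}

// Hardened sink: allowed_classes => false makes unserialize() return
// __PHP_Incomplete_Class for every object in the payload, so no application
// class is instantiated and no magic method fires. Anything that is not the
// expected array shape is rejected.
function sendMailHardened(string $remoteMessage): bool
{
    $mail = unserialize($remoteMessage, ['allowed_classes' => false]);
    if (!is_array($mail) || !isset($mail['to'], $mail['body'])) {
        return false;
    }
    $to   = (string) $mail['to'];
    $body = (string) $mail['body'];
    // ... build and send the mail from $to and $body ...
    return true;
}

// Constructed attacker payload (hand-built, as a real attacker would do it):
// a serialized LogWriter whose path and buffer the attacker chooses.
$target  = sys_get_temp_dir() . '/gadget_demo.txt';
@unlink($target);
$payload = sprintf(
    'O:9:"LogWriter":2:{s:4:"path";s:%d:"%s";s:6:"buffer";s:30:"written by deserialized gadget";}',
    strlen($target),
    $target
);

sendMailVulnerable($payload);
printf("vulnerable sink: %s\n", file_exists($target) ? 'file written' : 'file not written');
@unlink($target);

sendMailHardened($payload);
printf("hardened sink:   %s\n", file_exists($target) ? 'file written' : 'file not written');
@unlink($target);
```

Run with the PHP CLI (php demo.php): the first call leaves the attacker's file on disk even though sendMailVulnerable() returned false, the second does not. allowed_classes => false is the minimal fix for an existing unserialize() call; where the format can be changed, json_decode() for the message structure (with no object instantiation at all) removes the class of bug entirely. A useful check across a code base is to search for every unserialize( call and confirm that each one either carries an allowed_classes restriction or only ever receives data the application itself serialized and integrity-protected.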

Impact

Successful exploitation gives an attacker PHP object injection in the console process, arbitrary command execution on the host system, and unauthorized file writes.

Remediation

Update Bitdefender GravityZone Console to version 6.41.2-1 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          6.2
impact          10.0
exploitability  6.2
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.