CVE-2025-2244

A vulnerability in thesendMailFromRemoteSourcemethod in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize()on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
BitdefenderCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Common Weakness Enumeration
References
http://bitdefender.com/support/security-advisories/insecure-php-deserialization-issue-in-gravityzone-console-va-12634