Bitdefender — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting Bitdefender. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2025-7073 | Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security | Total Security | CWE-59 | 7.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-5317 | Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac | Endpoint Security Tools for Mac | CWE-862 | 4.4 | - | 2025-11-11 |
| CVE-2025-2245 | Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646) | GravityZone Update Server | CWE-918 | 9.1 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2025-2243 | SSRF in GravityZone Console via DNS Truncation (VA-12634) | GravityZone Console | CWE-918 | 9.8 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2025-2244 | Insecure PHP deserialization issue in GravityZone Console (VA-12634) | GravityZone Console | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2024-13870 | Unauthenticated Firmware Downgrade in Bitdefender Box v1 | BOX v1 | CWE-1328 | 5.3 | - | 2025-03-12 |
| CVE-2024-13871 | Unauthenticated Command Injection in Bitdefender BOX v1 | BOX v1 | CWE-77 | 8.8 | - | 2025-03-12 |
| CVE-2024-13872 | Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so | BOX v1 | CWE-319 | 7.5 | - | 2025-03-12 |
| CVE-2020-8094 | Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422) | Antivirus Free 2020 | CWE-426 | 7.3 | - | 2025-01-15 |
| CVE-2024-11128 | Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS | Virus Scanner | CWE-269 | 7.8 | - | 2025-01-13 |
| CVE-2023-49570 | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-49567 | Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-6058 | HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-6057 | Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166) | Total Security | CWE-295 | 5.9 | - | 2024-10-18 |
| CVE-2023-6056 | Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-6055 | Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2024-6980 | Verbose error handling issue in GravityZone Update Server proxy service | GravityZone Update Server | CWE-209 | 9.8 (AI) | Critical (AI) | 2024-07-31 |
| CVE-2024-4177 | Host whitelist parser issue in GravityZone Console On-Premise (VA-11554) | GravityZone Console On-Premise | CWE-116 | 8.1 | High | 2024-06-06 |
| CVE-2024-2224 | Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466) | GravityZone Control Center (On Premises) | CWE-22 | 8.1 | High | 2024-04-09 |
| CVE-2024-2223 | Incorrect Regular Expression in GravityZone Update Server (VA-11465) | GravityZone Control Center (On Premises) | CWE-185 | 8.1 | High | 2024-04-09 |
| CVE-2023-6154 | Local privilege escalation in Bitdefender Total Security (VA-11168) | Total Security | CWE-15 | 7.8 | High | 2024-04-01 |
| CVE-2023-3633 | Out of Bounds Memory Corruption Issue in CEVA Engine | Engines | CWE-787 | 8.1 | High | 2023-07-14 |
| CVE-2022-0357 | Improper Quoting Path Issue in Bitdefender Total Security | Total Security | CWE-428 | 6.7 | Medium | 2023-05-24 |
| CVE-2022-3369 | Improper handling of registry symbolic links in Bitdefender Engines | Engines | CWE-269 | 8.6 | High | 2022-11-01 |
| CVE-2022-2830 | Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573) | GravityZone Console On-Premise | CWE-502 | 8.8 | High | 2022-09-05 |
| CVE-2022-0677 | Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144) | Update Server | CWE-130 | 7.5 | High | 2022-04-07 |
| CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017) | Total Security | CWE-732 | 7.8 | High | 2022-03-07 |
| CVE-2021-4198 | messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016) | Total Security | CWE-476 | 6.1 | Medium | 2022-03-07 |
| CVE-2020-8107 | Process Control vulnerability in Bitdefender Antivirus Plus | Antivirus Plus | CWE-114 | 8.2 | High | 2022-02-18 |
| CVE-2021-3960 | Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146) | GravityZone | CWE-22 | 7.1 | High | 2021-12-16 |

This page lists every published CVE security advisory associated with Bitdefender. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.