
Bitdefender — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting Bitdefender. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bitdefender operates primarily as a cybersecurity firm specializing in endpoint protection, antivirus software, and threat intelligence services for both consumer and enterprise markets. Its extensive product portfolio, including antivirus engines and security suites, has historically been associated with various vulnerability classes, notably remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws within its desktop applications and web interfaces. With 73 CVEs currently on record, these issues often stem from improper input validation, insecure default configurations, or memory corruption errors in legacy components. While the company maintains a robust security posture through regular updates and a dedicated bug bounty program, past incidents highlight the complexity of securing comprehensive security platforms. These vulnerabilities typically require local access or specific user interactions to exploit, though some remote vectors have been identified, emphasizing the need for diligent patch management across its diverse software ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-7073 | Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security | Total Security | CWE-59 | 7.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-5317 | Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac | Endpoint Security Tools for Mac | CWE-862 | 4.4 | - | 2025-11-11 |
| CVE-2025-2245 | Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646) | GravityZone Update Server | CWE-918 | 9.1 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2025-2243 | SSRF in GravityZone Console via DNS Truncation (VA-12634) | GravityZone Console | CWE-918 | 9.8 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2025-2244 | Insecure PHP deserialization issue in GravityZone Console (VA-12634) | GravityZone Console | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-04-04 |
| CVE-2024-13870 | Unauthenticated Firmware Downgrade in Bitdefender Box v1 | BOX v1 | CWE-1328 | 5.3 | - | 2025-03-12 |
| CVE-2024-13871 | Unauthenticated Command Injection in Bitdefender BOX v1 | BOX v1 | CWE-77 | 8.8 | - | 2025-03-12 |
| CVE-2024-13872 | Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so | BOX v1 | CWE-319 | 7.5 | - | 2025-03-12 |
| CVE-2020-8094 | Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422) | Antivirus Free 2020 | CWE-426 | 7.3 | - | 2025-01-15 |
| CVE-2024-11128 | Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS | Virus Scanner | CWE-269 | 7.8 | - | 2025-01-13 |
| CVE-2023-49570 | Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-49567 | Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-6058 | HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-6057 | Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166) | Total Security | CWE-295 | 5.9 | - | 2024-10-18 |
| CVE-2023-6056 | Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2023-6055 | Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158) | Total Security | CWE-295 | 7.4 | - | 2024-10-18 |
| CVE-2024-6980 | Verbose error handling issue in GravityZone Update Server proxy service | GravityZone Update Server | CWE-209 | 9.8 (AI) | Critical (AI) | 2024-07-31 |
| CVE-2024-4177 | Host whitelist parser issue in GravityZone Console On-Premise (VA-11554) | GravityZone Console On-Premise | CWE-116 | 8.1 | High | 2024-06-06 |
| CVE-2024-2224 | Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466) | GravityZone Control Center (On Premises) | CWE-22 | 8.1 | High | 2024-04-09 |
| CVE-2024-2223 | Incorrect Regular Expression in GravityZone Update Server (VA-11465) | GravityZone Control Center (On Premises) | CWE-185 | 8.1 | High | 2024-04-09 |
| CVE-2023-6154 | Local privilege escalation in Bitdefender Total Security (VA-11168) | Total Security | CWE-15 | 7.8 | High | 2024-04-01 |
| CVE-2023-3633 | Out of Bounds Memory Corruption Issue in CEVA Engine | Engines | CWE-787 | 8.1 | High | 2023-07-14 |
| CVE-2022-0357 | Improper Quoting Path Issue in Bitdefender Total Security | Total Security | CWE-428 | 6.7 | Medium | 2023-05-24 |
| CVE-2022-3369 | Improper handling of registry symbolic links in Bitdefender Engines | Engines | CWE-269 | 8.6 | High | 2022-11-01 |
| CVE-2022-2830 | Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573) | GravityZone Console On-Premise | CWE-502 | 8.8 | High | 2022-09-05 |
| CVE-2022-0677 | Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144) | Update Server | CWE-130 | 7.5 | High | 2022-04-07 |
| CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017) | Total Security | CWE-732 | 7.8 | High | 2022-03-07 |
| CVE-2021-4198 | messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016) | Total Security | CWE-476 | 6.1 | Medium | 2022-03-07 |
| CVE-2020-8107 | Process Control vulnerability in Bitdefender Antivirus Plus | Antivirus Plus | CWE-114 | 8.2 | High | 2022-02-18 |
| CVE-2021-3960 | Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146) | GravityZone | CWE-22 | 7.1 | High | 2021-12-16 |

This page lists every published CVE security advisory associated with Bitdefender. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.