CVE-2025-0431
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Proofpoint | Enterprise Protection | 8.18.6 < patch 5113 | affected |
| Proofpoint | Enterprise Protection | 8.20.6 < patch 5114 | affected |
| Proofpoint | Enterprise Protection | 8.21.0 < patch 5115 | affected |
Weaknesses
- CWE-790: CWE-790 Improper Filtering of Special Elements
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.