CVE-2025-0431 MEDIUM

CVE-2025-0431: Enterprise Protection Backslash URL Rewrite Bypass

Vendor: Proofpoint
Product: Enterprise Protection
Weakness: CWE-790
Published: March 19, 2025
Last update: March 19, 2025

CVSS base score

5.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email that bypasses URL protections, impacting the integrity of the recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113, respectively.

Key dates

02 Disclosure timeline

March 19, 2025: CVE published
March 19, 2025: Record updated