Bitdefender Security Vulnerabilities (CVEs)
Track 24 security vulnerabilities affecting Bitdefender products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a local privilege escalation vulnerability in Bitdefender Total Security where low-privileged attackers can delete arbitrary files ... (Dec 10, 2025)
This vulnerability allows local users with administrative privileges on macOS systems to bypass Bitdefender's uninstall password protection. Attackers... (Nov 11, 2025)
This CVE describes a stored Cross-Site Scripting (XSS) vulnerability in Psono-Client, as used in Bitdefender SecurePass, where malicious JavaScript UR... (Jun 21, 2025)
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows attackers to bypass input validation using leading charac... (Apr 4, 2025)
This vulnerability allows remote attackers to execute arbitrary code on Bitdefender GravityZone Console servers by exploiting insecure PHP deserializa... (Apr 4, 2025)
An unauthenticated command injection vulnerability in Bitdefender Box 1 allows network-adjacent attackers to execute arbitrary commands on the device,... (Mar 12, 2025)
This vulnerability allows network-adjacent attackers to perform man-in-the-middle attacks against Bitdefender Box devices during updates, potentially ... (Mar 12, 2025)
An unauthenticated attacker within WiFi range can downgrade Bitdefender Box 1 firmware to older vulnerable versions when the device is in Recovery Mod... (Mar 12, 2025)
This vulnerability allows attackers to inject malicious dynamic libraries into Bitdefender Virus Scanner on macOS, bypassing Apple's security protecti... (Jan 13, 2025)
This vulnerability in Bitdefender Total Security's HTTPS scanning feature incorrectly trusts certificates that aren't authorized to issue certificates... (Oct 18, 2024)
This vulnerability in Bitdefender Total Security's HTTPS scanning allows attackers to perform Man-in-the-Middle attacks by intercepting communications... (Oct 18, 2024)
This vulnerability in Bitdefender Total Security's HTTPS scanning feature improperly trusts DSA-signed certificates, allowing attackers to perform man... (Oct 18, 2024)
A verbose error handling issue in the GravityZone Update Server proxy service allows attackers to perform server-side request forgery (SSRF) attacks. ... (Jul 31, 2024)
A host whitelist parser vulnerability in the GravityZone Update Server proxy service allows attackers to perform server-side request forgery (SSRF). T... (Jun 6, 2024)
An incorrect regular expression in Bitdefender GravityZone Update Server allows attackers to perform Server-Side Request Forgery (SSRF) and reconfigur... (Apr 9, 2024)
This vulnerability in Bitdefender security products allows attackers to manipulate configuration settings to load unauthorized third-party libraries d... (Apr 1, 2024)
An out-of-bounds write vulnerability in Bitdefender Engines on Windows allows memory corruption that can crash the engine. This affects Bitdefender pr... (Jul 14, 2023)
This vulnerability allows an attacker to cause a Denial-of-Service (DoS) in Bitdefender's Update Server and GravityZone components by exploiting impro... (Apr 7, 2022)
This vulnerability allows a local attacker to escalate privileges to SYSTEM by exploiting incorrect permissions in BDReinit.exe, Bitdefender's crash h... (Mar 7, 2022)
This vulnerability allows attackers to tamper with Bitdefender antivirus settings by loading a specially crafted DLL file into ProductAgentUI.exe. It ... (Feb 18, 2022)
This path traversal vulnerability in Bitdefender GravityZone's UpdateServer component allows attackers to escape restricted directories and execute ar... (Dec 16, 2021)
This vulnerability allows attackers to manipulate the remote address used for pulling patches in Bitdefender's patchesUpdate API on Linux systems conf... (Nov 24, 2021)
This vulnerability allows a local attacker to escalate privileges to SYSTEM level on Windows systems by exploiting incorrect default permissions in Bi... (Oct 28, 2021)
This vulnerability allows attackers to load malicious DLL files via an uncontrolled search path in the OpenSSL component of Bitdefender GravityZone Bu... (May 18, 2021)
Why Monitor Bitdefender Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 24+ known vulnerabilities affecting Bitdefender products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Bitdefender packages in under 60 seconds. No agents required - completely agentless scanning that works across Bitdefender deployments.
Free vulnerability database: Access detailed information about every Bitdefender CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.