CVE-2025-0431 — MEDIUM (5.8)

Vulnerability Description

Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-790

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001

FAQ

What is CVE-2025-0431?

CVE-2025-0431 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's em...

How severe is CVE-2025-0431?

CVE-2025-0431 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-0431?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.