CVE-2025-0431

Name of the Vulnerable Software and Affected Versions Enterprise Protection versions 8.18 through 8.21 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113

Description The issue is related to improper filtering of backslashes within URLs in the URL rewriting feature, allowing an unauthenticated remote attacker to send an email that bypasses URL protections. This impacts the integrity of the recipient's email.

Recommendations For versions 8.18 through 8.20, apply the respective patches (8.18.6 patch 5113 for version 8.18, 8.20.6 patch 5114 for version 8.20) to resolve the issue. For version 8.21, apply patch 5115 to resolve the issue. As a temporary workaround, consider restricting the use of URL rewriting until a patch is applied.