CVE-2025-14026

Summary

Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed.

Affected Software

VendorProductVersion RangeStatus
ForcepointForcepoint One Endpoint (F1E)23.11affected

Weaknesses

  • CWE-1104 Use of Unmaintained Third-Party Components
  • CWE-1395 Dependency on a Vulnerable Third-Party Component
  • CWE-676 Use of Potentially Dangerous Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References