CVE-2025-14026
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Forcepoint | Forcepoint One Endpoint (F1E) | 23.11 | affected |
Weaknesses
- CWE-1104 Use of Unmaintained Third-Party Components
- CWE-1395 Dependency on a Vulnerable Third-Party Component
- CWE-676 Use of Potentially Dangerous Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.