CVE-2025-14026

{"id": "CVE-2025-14026", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-14026", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-01-06T15:19:38.095565Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "affected": [{"source": "cret@cert.org", "affectedData": [{"vendor": "Forcepoint", "product": "Forcepoint One Endpoint (F1E)", "versions": [{"status": "affected", "version": "23.11"}]}]}], "published": "2026-01-06T15:15:42.057", "references": [{"url": "https://kb.cert.org/vuls/id/420440", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://support.forcepoint.com/s/article/000042256", "tags": ["Permissions Required"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/420440", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed."}, {"lang": "es", "value": "Cliente Forcepoint One DLP, versi\u00f3n 23.04.5642 (y posiblemente versiones m\u00e1s recientes), incluye una versi\u00f3n restringida de Python 2.5.4 que impide el uso de la biblioteca ctypes. ctypes es una interfaz de funci\u00f3n externa (FFI) para Python, lo que permite llamadas a DLLs/bibliotecas compartidas, asignaci\u00f3n de memoria y ejecuci\u00f3n directa de c\u00f3digo. Se demostr\u00f3 que estas restricciones podr\u00edan ser eludidas."}], "lastModified": "2026-06-17T08:35:11.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:forcepoint:one_data_loss_prevention:23.04.5642:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F50374A-170E-4EBF-9966-3604003FB87F"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}