Description

Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed.

PUBLISHED Reserved 2025-12-04 | Published 2026-01-06 | Updated 2026-01-06 | Assigner certcc

Problem types

CWE-1104 Use of Unmaintained Third-Party Components

CWE-1395 Dependency on a Vulnerable Third-Party Component

CWE-676 Use of Potentially Dangerous Function

Product status

23.11
affected

References

www.kb.cert.org/vuls/id/420440

support.forcepoint.com/s/article/000042256

kb.cert.org/vuls/id/420440

cve.org (CVE-2025-14026)

nvd.nist.gov (CVE-2025-14026)
