CVE-2025-2272 | THREATINT

Description

Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.This issue affects FIE Endpoint: before 25.05.

PUBLISHED Reserved 2025-03-13 | Published 2025-05-22 | Updated 2025-05-22 | Assigner forcepoint

HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

HIGH: 7.3CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status

affected

Any version before 25.05

affected

Credits

Brecht Snijders, Triskele Labs finder

References

support.forcepoint.com/...ary-code-execution-in-F1E-Endpoint

cve.org (CVE-2025-2272)

nvd.nist.gov (CVE-2025-2272)

Download JSON