CVE-2025-14026 (GCVE-0-2025-14026)
Vulnerability from cvelistv5 – Published: 2026-01-06 14:45 – Updated: 2026-01-06 16:04
Title
Vulnerable Python version used in Forcepoint One DLP Client
Summary
Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Forcepoint | Forcepoint One Endpoint (F1E) | Affected: 23.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-14026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T15:19:38.095565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:49:19.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-06T16:04:41.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/420440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint One Endpoint (F1E)",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "23.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1104 Use of Unmaintained Third-Party Components",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-1395 Dependency on a Vulnerable Third-Party Component",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-676 Use of Potentially Dangerous Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:46:30.519Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://support.forcepoint.com/s/article/000042256"
},
{
"url": "https://kb.cert.org/vuls/id/420440"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerable Python version used in Forcepoint One DLP Client",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-14026"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-14026",
"datePublished": "2026-01-06T14:45:29.207Z",
"dateReserved": "2025-12-04T13:44:38.515Z",
"dateUpdated": "2026-01-06T16:04:41.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-14026",
"date": "2026-07-01",
"epss": "0.00178",
"percentile": "0.07573"
}
}
}