CVE-2025-14591
BaseFortify
Publication date: 2025-12-20
Last updated on: 2026-01-05
Assigner: Perforce
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| perforce | delphix_continuous_compliance | From 2025.3.0.0 (inc) to 2025.6.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability arises from an issue introduced after a bug fix intended to correctly handle CR+LF (Windows and DOS) End-of-Record characters in delimited files. If an incorrect End-of-Record configuration is used, it can cause inaccurate parsing of these files, which may result in personally identifiable information (PII) not being properly masked.
How can this vulnerability impact me? :
The impact of this vulnerability is that inaccurate parsing due to incorrect End-of-Record configuration can leave personally identifiable information (PII) unmasked. This exposure of sensitive data could lead to privacy breaches and unauthorized access to personal information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to inaccurate parsing and leave personally identifiable information (PII) unmasked due to incorrect End-of-Record configuration. As a result, it may cause non-compliance with standards and regulations such as GDPR and HIPAA that require proper protection and masking of PII.