Data Parsing Flaw in Perforce Product Exposes Sensitive Information
CVE-2025-14591

5.3MEDIUM

Key Information:

Vendor: Perforce
Status: Delphix Continuous Compliance
Vendor: CVE Published:; 20 December 2025

What is CVE-2025-14591?

A notable vulnerability exists in the Perforce Versioning Engine, related to the handling of End-of-Record (EOR) characters in delimited files. Despite a recent patch aimed at correcting this issue, the implementation of an incorrect EOR configuration can lead to inaccurate data parsing. This flaw allows for the potential exposure of personally identifiable information (PII), compromising the privacy and security of users. Organizations utilizing affected versions of Perforce must assess their systems and implement necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Delphix Continuous Compliance 2025.3.0

References

https://portal.perforce.com/s/article/TB137

https://portal.perforce.com/s/cve/a91Qi000002fThdIAE/pii-...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2025
Vulnerability Reserved
Dec 12, 2025

JSON