Privilege Escalation and Code Injection in Forcepoint FIE Endpoint
CVE-2025-2272

7.3HIGH

Key Information:

Vendor: Forcepoint
Status: Fie Endpoint
Vendor: CVE Published:; 22 May 2025

What is CVE-2025-2272?

The Forcepoint FIE Endpoint suffers from an Uncontrolled Search Path Element vulnerability, enabling attackers to escalate privileges, inject malicious code, and hijack privileged processes. This vulnerability affects all FIE Endpoint versions released before 25.05. Users are encouraged to update their software to mitigate potential risks.

Affected Version(s)

FIE Endpoint 0

References

https://support.forcepoint.com/s/article/Security-Advisor...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2025
Vulnerability Reserved
Mar 13, 2025

Credit

Brecht Snijders, Triskele Labs