Privilege Escalation and Code Injection in Forcepoint FIE Endpoint
CVE-2025-2272

7.3HIGH

Key Information:

Vendor

Forcepoint

Vendor
CVE Published:
22 May 2025

What is CVE-2025-2272?

The Forcepoint FIE Endpoint suffers from an Uncontrolled Search Path Element vulnerability, enabling attackers to escalate privileges, inject malicious code, and hijack privileged processes. This vulnerability affects all FIE Endpoint versions released before 25.05. Users are encouraged to update their software to mitigate potential risks.

Affected Version(s)

FIE Endpoint 0

References

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Brecht Snijders, Triskele Labs
.
CVE-2025-2272 : Privilege Escalation and Code Injection in Forcepoint FIE Endpoint