ByteOS Network

Delphix

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-2903

Assigner-Perforce

View Details

Assigner-Perforce

CVSS Score-8.5||HIGH

EPSS-0.03% / 6.80%

7 Day CHG~0.00%

Published-17 Apr, 2025 | 06:50

Updated-17 Apr, 2025 | 20:21

Privilege Chaining in Delphix

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

Vendor-Perforce Software, Inc.

Product-Delphix

CWE ID-CWE-267

Privilege Defined With Unsafe Actions

CWE ID-CWE-268

Privilege Chaining

CVE-2025-3113

Assigner-Perforce

View Details

Assigner-Perforce

CVSS Score-9||CRITICAL

EPSS-0.07% / 23.03%

7 Day CHG~0.00%

Published-17 Apr, 2025 | 06:41

Updated-17 Apr, 2025 | 20:21

Improper Access Control in Delphix Masking Engine

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.

Vendor-Perforce Software, Inc.

Product-Delphix

CWE ID-CWE-284

Improper Access Control