CVE-2025-3113 CRITICAL

CVE-2025-3113: Improper Access Control in Delphix Masking Engine

Vendor Perforce

Product Delphix

Weakness CWE-284

Published April 17, 2025

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

9.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.

Key dates

02Disclosure timeline

April 17, 2025 CVE published

April 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3113 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2025-3113: Improper Access Control in Delphix Masking Engine

01Description

02Disclosure timeline

03References

04Related CVE