CVE-2025-3113: Improper Access Control in Delphix Masking Engine

9.0 CVSS

Description

A valid, authenticated user who has sufficient privileges and is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connectors and Rule Sets.

Classification

CVE ID: CVE-2025-3113

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem Types

CWE-284 Improper Access Control

Affected Products

Vendor: Perforce

Product: Delphix

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.89% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3113
https://portal.perforce.com/s/detail/a91PA000001SeefYAC

Timeline