CVE-2025-14591
📋 TL;DR
In Delphix Continuous Compliance 2025.3.0+, incorrect End-of-Record (EOR) configuration for delimited files can cause parsing errors that leave personally identifiable information (PII) unmasked. This affects organizations using Delphix for data masking/compliance who process delimited files with CR+LF line endings. The vulnerability exposes sensitive data that should be masked according to compliance policies.
💻 Affected Systems
- Delphix Continuous Compliance
⚠️ Risk & Real-World Impact
Worst Case
Full exposure of PII data (SSNs, credit cards, medical records) that should be masked, leading to data breach, regulatory fines, and reputational damage.
Likely Case
Partial PII exposure in delimited files with CR+LF endings, potentially violating GDPR, HIPAA, PCI-DSS, or other compliance requirements.
If Mitigated
Limited exposure if proper access controls and monitoring are in place, but compliance violations may still occur.
🎯 Exploit Status
Exploitation requires access to Delphix Continuous Compliance and knowledge of the incorrect EOR configuration. Attackers would need to either configure the system incorrectly or identify existing misconfigurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://portal.perforce.com/s/cve/a91Qi000002fThdIAE/pii-leak-due-to-change-in-eor-handling
Restart Required: Yes
Instructions:
1. Review the vendor advisory for the patched version.
2. Back up the current configuration.
3. Apply the vendor-provided patch or upgrade to the fixed version.
4. Restart Delphix services.
5. Verify EOR configurations for all delimited file sources.
🔧 Temporary Workarounds
Reconfigure EOR Settings
Manually verify and correct End-of-Record configurations for all delimited file sources to ensure proper parsing
# Check current EOR configurations in Delphix Continuous Compliance
# Update EOR settings via Delphix CLI or GUI for affected data sources
Disable Delimited File Processing
Temporarily disable processing of delimited files with CR+LF endings until patched
# Identify and pause data sources using delimited files with CR+LF
# Use Delphix management interface to suspend affected data operations
🧯 If You Can't Patch
- Implement strict access controls to limit who can view or export data from Delphix Continuous Compliance
- Enable enhanced logging and monitoring for data access patterns, particularly for delimited file exports
🔍 How to Verify
Check if Vulnerable:
Check Delphix version (must be 2025.3.0+) and review EOR configurations for delimited file sources, particularly those using CR+LF line endings.
Check Version:
delphix version or check via Delphix administration interface
Verify Fix Applied:
After patching, test with sample delimited files containing CR+LF endings and PII data to ensure proper masking occurs.
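The verification step above can be scripted. The following is an added example, not Delphix code and not a reproduction of the actual defect: a toy masker that splits records on a configured EOR marker shows, in simplified form, how treating LF as the record terminator on CR+LF input leaves a stray carriage return on the last field so an anchored SSN rule never fires, and `find_unmasked_pii` is the kind of check to run against real masked output: it parses original and masked files with the `csv` module (which accepts both CR+LF and LF) and reports every PII value that survives verbatim. The sample file, column names and masking rules are all constructed for the illustration.

```python
import csv
import io
import re

# Constructed sample input (not from the advisory): CR+LF delimited records with PII.
SAMPLE_CRLF = (
    "id,name,ssn\r\n"
    "1,Alice Example,123-45-6789\r\n"
    "2,Bob Example,987-65-4321\r\n"
)

# Anchored pattern: a trailing "\r" on the field makes it miss.
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
PII_COLUMNS = ("name", "ssn")  # assumed PII columns for the sample


def mask_value(col: str, value: str) -> str:
    """Toy masking rule: names become a fixed token, SSNs matching the anchored
    pattern keep only the last four digits. Anything unrecognised is passed
    through unchanged, which is how an unexpected trailing CR becomes a leak."""
    if col == "name":
        return "MASKED_NAME"
    if col == "ssn" and SSN_RE.match(value):
        return "XXX-XX-" + value[-4:]
    return value


def mask_file(text: str, eor: str, delimiter: str = ",") -> str:
    """Mask a delimited file, splitting records on the configured EOR marker.
    With eor="\\n" on CR+LF input, the header's last column name and every
    record's last field keep their "\\r", so the ssn rule never applies and the
    value is written out unmasked. With eor="\\r\\n" every field is masked."""
    records = text.split(eor)
    if records and records[-1] == "":
        records.pop()  # drop the empty tail after the final terminator
    header = records[0].split(delimiter)
    out = [records[0]]
    for rec in records[1:]:
        fields = rec.split(delimiter)
        out.append(delimiter.join(mask_value(c, v) for c, v in zip(header, fields)))
    return eor.join(out) + eor


def parse_records(text: str, delimiter: str = ",") -> list[dict]:
    """Parse with the csv module; newline='' on the stream lets csv recognise
    both CR+LF and LF as record terminators, independent of the masker's EOR."""
    return list(csv.DictReader(io.StringIO(text, newline=""), delimiter=delimiter))


def find_unmasked_pii(original: str, masked: str,
                      pii_columns=PII_COLUMNS) -> list[tuple[int, str, str]]:
    """Verification check: (record index, column, value) for each original PII
    value that appears verbatim in the same record of the masked output.
    CR/LF are stripped before comparison so a stray carriage return cannot hide
    a leak from the comparison."""
    leaks = []
    for i, (o, m) in enumerate(zip(parse_records(original), parse_records(masked))):
        for col in pii_columns:
            ov = (o.get(col) or "").strip("\r\n")
            mv = (m.get(col) or "").strip("\r\n")
            if ov and ov == mv:
                leaks.append((i, col, ov))
    return leaks


if __name__ == "__main__":
    for eor, label in (("\r\n", "EOR=CR+LF"), ("\n", "EOR=LF")):
        leaks = find_unmasked_pii(SAMPLE_CRLF, mask_file(SAMPLE_CRLF, eor))
        print(label, "leaks:", leaks)
```

Run against real data, feed `find_unmasked_pii` the pre-masking file and the masked export produced by the tool; an empty list for a CR+LF sample is the condition the verification step asks for, and any returned tuple names the record and column that still carries its original value.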
📡 Detection & Monitoring
Log Indicators:
- Unusual data export patterns
- Access to delimited file sources with CR+LF endings
- Configuration changes to EOR settings
Network Indicators:
- Increased data transfer from Delphix systems
- Unusual API calls to data export endpoints
SIEM Query:
source="delphix" AND (event_type="data_export" OR event_type="configuration_change") AND (file_type="delimited" OR eor_config="CR+LF")