CVE-2025-2274 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting Forcepoint Web Security (On-Prem) on Windows platforms through version 8.5.6. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages within the product, allowing malicious scripts to be stored and subsequently executed in the context of users accessing the affected web interface. The CVSS 4.0 base score is 4.8 (medium), with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:A). The vulnerability impacts confidentiality and integrity to a limited extent (VC:L, VI:L), with no impact on availability. There are no known public exploits or patches currently available, but the issue is publicly disclosed and assigned a CVE identifier. Stored XSS can be leveraged by attackers to perform session hijacking, defacement, or deliver further payloads, especially in administrative or user-facing portals. The vulnerability affects organizations deploying Forcepoint's on-premises web security solutions, which are commonly used to enforce web filtering and security policies within enterprise networks. The flaw requires an attacker to have access to the adjacent network and the ability to induce user interaction, which somewhat limits the attack surface but does not eliminate risk. The lack of patches necessitates proactive mitigation and monitoring until a vendor fix is released.

The primary impact of CVE-2025-2274 is the potential execution of malicious scripts within the context of the Forcepoint Web Security (On-Prem) web interface, which could lead to session hijacking, unauthorized actions, or information disclosure limited to the scope of the web application. While the vulnerability does not directly compromise system availability or allow privilege escalation, it undermines the integrity and confidentiality of user sessions and data handled by the web security platform. Organizations relying on this product for enforcing web security policies may face risks of internal user compromise, especially if attackers can inject persistent scripts that affect multiple users. The requirement for adjacent network access and user interaction reduces the likelihood of remote exploitation but does not eliminate insider threats or attacks originating from compromised internal hosts. The absence of known exploits in the wild suggests limited current active exploitation, but the public disclosure increases the risk of future attacks. Enterprises with large deployments of Forcepoint Web Security may experience targeted attacks aiming to bypass security controls or gather sensitive information from administrative interfaces.

1. Monitor Forcepoint’s official channels closely for the release of security patches addressing CVE-2025-2274 and apply them promptly once available. 2. Implement strict input validation and output encoding on all user-supplied data within the web security interface, if customization or configuration options allow, to reduce the risk of script injection. 3. Restrict network access to the Forcepoint Web Security management interface to trusted administrators only, using network segmentation and firewall rules to limit exposure to adjacent network attackers. 4. Enforce multi-factor authentication (MFA) for all users accessing the web interface to mitigate the risk of session hijacking. 5. Conduct regular security audits and penetration testing focusing on web application vulnerabilities, including XSS, to identify and remediate weaknesses proactively. 6. Deploy web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) capable of detecting and blocking XSS payloads targeting the Forcepoint interface. 7. Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content that could trigger stored XSS attacks. 8. Review and limit user privileges within the web security platform to minimize the impact of potential exploitation.