PatchSiren cyber security CVE debrief
CVE-2025-2274 Forcepoint CVE debrief
CVE-2025-2274 is a MEDIUM-severity vulnerability (CVSS Score: 4.8) affecting Forcepoint Web Security (On-Prem) on Windows. The issue, published on [2026-03-16](https://www.cve.org/CVERecord?id=CVE-2025-2274) and last modified on [2026-06-05](https://nvd.nist.gov/vuln/detail/CVE-2025-2274), is an Improper Neutralization of Input During Web Page Generation flaw that allows Stored Cross-Site Scripting (XSS). The vulnerability affects Web Security through version 8.5.6.
- Vendor: Forcepoint
- Product: Web Security
- CVSS: MEDIUM 4.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-16
- Original CVE updated: 2026-06-05
- Advisory published: 2026-03-16
- Advisory updated: 2026-06-05
Who should care
Administrators and users of Forcepoint Web Security (On-Prem) on Windows, particularly those with versions up to 8.5.6, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by improper neutralization of input during web page generation, which allows for Stored XSS attacks. This issue has been analyzed and verified by official sources.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Forcepoint Web Security to a version beyond 8.5.6 to mitigate the Stored XSS vulnerability.
- Refer to the [vendor advisory](https://support.forcepoint.com/s/article/Security-Advisory-Stored-Cross-Site-Scripting-in-Forcepoint-Web-Security) for additional guidance and mitigation strategies.
Evidence notes
The CVE and NVD details provide evidence of the vulnerability's existence and its impact on Forcepoint Web Security (On-Prem) on Windows.
Official resources
- CVE-2025-2274 CVE record (CVE.org)
- CVE-2025-2274 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Vendor Advisory)
CVE-2025-2274 was published on 2026-03-16T15:16:17.697Z and last modified on 2026-06-05T19:59:35.880Z.