Delphix PII Leak Vulnerability Due to Improper EOR Character Handling

Vulnerability

A vulnerability has been identified in Delphix Continuous Compliance versions 2025.3.0 and above, allowing for a leak of personally identifiable information (PII). This issue arises from a recent bug fix that aimed to properly manage CR+LF End-of-Record (EOR) characters in delimited files. When an incorrect EOR configuration is used, it can lead to inaccurate data parsing, leaving PII unmasked and exposed.

Impact

The vulnerability can result in the unintentional exposure of unmasked PII, allowing unauthorized access to sensitive personal data.

Remediation

Users should verify that their EOR configuration matches the file format and review masking job reports for expected row counts. If discrepancies are found, reconfigure the masking jobs accordingly.
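One way to run the check described above outside the product, as an added example (not Delphix code or a Delphix API): it inspects the raw bytes of a delimited file, compares the terminators actually present with the EOR the job is configured for, and compares the resulting row count with the figure copied from the masking job report. The function names, the sample file and the reported row counts are constructed for illustration, and the check assumes no quoted field contains an embedded line break.

```python
import re

EOR_NAMES = {b"\r\n": "CRLF", b"\n": "LF", b"\r": "CR"}

def terminator_counts(data):
    """Count each terminator style actually present in the raw file bytes."""
    crlf = data.count(b"\r\n")
    return {"CRLF": crlf,
            "LF": data.count(b"\n") - crlf,   # bare LF only
            "CR": data.count(b"\r") - crlf}   # bare CR only

def trimmed_len(parts):
    """Record count, ignoring the empty piece left by a terminator at end of file."""
    return len(parts) - (1 if parts and parts[-1] == b"" else 0)

def check_eor(data, configured_eor, reported_rows=None, header_rows=0):
    """Return findings where the job's EOR or reported rows disagree with the file."""
    present = sorted(k for k, n in terminator_counts(data).items() if n)
    configured = EOR_NAMES[configured_eor]
    actual = trimmed_len(re.split(rb"\r\n|\n|\r", data)) - header_rows
    as_configured = trimmed_len(data.split(configured_eor)) - header_rows
    findings = []
    if present != [configured]:
        findings.append(f"file terminators {present} do not match configured {configured}")
    if as_configured != actual:
        findings.append(f"configured EOR yields {as_configured} rows, file has {actual}")
    if reported_rows is not None and reported_rows != actual:
        findings.append(f"job reported {reported_rows} rows, file has {actual}")
    return findings

# Constructed sample: a header plus three data rows, CRLF-terminated.
SAMPLE_CRLF = (b"id,name,ssn\r\n"
               b"1,Ann,111-11-1111\r\n"
               b"2,Bob,222-22-2222\r\n"
               b"3,Cy,333-33-3333\r\n")
SAMPLE_LF = SAMPLE_CRLF.replace(b"\r\n", b"\n")

if __name__ == "__main__":
    cases = [("CRLF file, CRLF config", SAMPLE_CRLF, b"\r\n", 3),
             ("LF file, CRLF config", SAMPLE_LF, b"\r\n", 0),
             ("CRLF file, LF config", SAMPLE_CRLF, b"\n", 3)]
    for label, data, eor, rows in cases:
        print(label, "->", check_eor(data, eor, rows, header_rows=1) or "OK")
```

The third case shows why the row count alone is not sufficient: the counts agree, but the terminator mismatch is still reported.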

Added: Dec 20, 2025, 4:21 AM
Updated: Dec 20, 2025, 4:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.