Primary

Context

Perforce Helix Core Command-Line Client Code Injection Vulnerability

Vulnerability

Patched

A code injection vulnerability has been identified in the Command-Line Client of Perforce Helix Core P4 Server, affecting versions prior to 2025.2 Patch 2. This vulnerability has been addressed in the 2025.2 Patch 2 release.

Impact

Exploitation of this vulnerability allows for code injection, which could be executed in the context of the user running the Command-Line Client.

Remediation

Users can upgrade to Perforce Helix Core 2025.2 Patch 2 to address this vulnerability.

Added: May 18, 2026, 9:20 AM

Updated: May 18, 2026, 9:20 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.0

remediation

7.7

relevance

8.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.0

remediation

7.7

relevance

8.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Perforce Helix Core Command-Line Client Code Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Perforce Helix Core

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating