Skip to main content

Forcepoint VPN Client EUVDEUVD-2025-210063

| CVE-2025-12694 HIGH
Execution with Unnecessary Privileges (CWE-250)
2026-06-04 psirt@forcepoint.com GHSA-8w99-hmp7-97xw
8.5
CVSS 4.0 · Vendor: forcepoint
Share

Severity by source

Vendor (forcepoint) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (forcepoint) · only source for this CVE.

CVSS VectorVendor: forcepoint

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 04, 2026 - 12:31 vuln.today
CVE Published
Jun 04, 2026 - 12:16 nvd
HIGH 8.5

DescriptionCVE.org

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior.

AnalysisAI

Local privilege escalation in Forcepoint VPN Client for Windows versions 6.11.3 and prior allows an authenticated low-privileged local user to elevate to SYSTEM. The flaw stems from execution with unnecessary privileges (CWE-250) and carries a CVSS 4.0 score of 8.5, but no public exploit identified at time of analysis. The vulnerability was reported and disclosed by Forcepoint PSIRT itself rather than a third party.

Technical ContextAI

Forcepoint VPN Client is the Windows endpoint agent that establishes IPsec/SSL tunnels to Forcepoint NGFW/Sidewinder gateways and runs persistent privileged services to manage network adapters, routing, and policy enforcement. The CWE-250 classification (Execution with Unnecessary Privileges) indicates that a SYSTEM-level component of the client performs operations on behalf of the logged-in user without sufficiently dropping or restricting privileges - common patterns include privileged services that load user-controlled files, expose insecure named pipes/IPC, invoke binaries from writable locations, or honor user-supplied paths. The scope-unchanged CVSS vector confirms the elevation is confined to the local Windows host but yields full Confidentiality, Integrity, and Availability impact (VC:H/VI:H/VA:H) consistent with NT AUTHORITY\SYSTEM compromise.

RemediationAI

Patch available per vendor advisory - upgrade Forcepoint VPN Client for Windows to a version released after 6.11.3 as directed in the Forcepoint Security Advisory at https://support.forcepoint.com/s/article/Security-Advisory-Local-Privilege-Escalation-in-VPN-Client-for-Windows; the advisory should be consulted for the exact fixed build number since it was not enumerated in the provided data. Until patching is complete, compensating controls include restricting interactive logon on endpoints that run the VPN client to trusted users only (which limits who can stage a local exploit but does not help against malware-initiated abuse), enforcing application allow-listing via WDAC or AppLocker to block unsigned helper binaries that an LPE chain may rely on, and monitoring EDR for suspicious child processes spawned by the Forcepoint VPN service or unexpected writes into its install directory; note that uninstalling or stopping the client service eliminates the vulnerability but also removes VPN connectivity, which is rarely acceptable for remote workers.

CVE-2020-13417 CRITICAL POC
9.8 May 22

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CV

CVE-2019-17388 HIGH POC
7.8 Dec 05

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allo

CVE-2019-17387 HIGH POC
7.8 Dec 05

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated

CVE-2019-6724 HIGH POC
7.8 Mar 21

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a

CVE-2015-7600 HIGH POC
7.2 Oct 06

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privi

CVE-2019-6145 MEDIUM POC
6.7 Sep 20

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. Rated medium sev

CVE-2020-13413 MEDIUM POC
5.3 May 22

An issue was discovered in Aviatrix Controller before 5.4.1204. Rated medium severity (CVSS 5.3), this vulnerability is

CVE-2021-31776 HIGH
7.8 Apr 29

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the

CVE-2012-3052 MEDIUM
6.9 Sep 16

Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL

CVE-2012-5429 MEDIUM
4.6 Jan 17

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to ca

Share

EUVD-2025-210063 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy