CVE-2025-12694 PUBLISHED

Local Privilege Escalation in VPN Client

Assigner: forcepoint
Reserved: 04.11.2025 Published: 04.06.2026 Updated: 04.06.2026

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	Forcepoint
Product	VPN Client
Versions	Default: unaffected affected from 0 to 6.11.3 (incl.)

Solutions

Fixed in 6.12.0

Credits

Francisco Jose Carot Ripolles (KPMG Spain) finder

References

https://support.forcepoint.com/s/article/Security-Advisory-Local-Privilege-Escalation-in-VPN-Client-for-Windows

Problem Types

CWE-250 Execution with unnecessary privileges CWE

Impacts

CAPEC-233 Privilege Escalation