Description
Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10.
Published: 2026-03-11
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows an attacker with local access to gain privileges they should not have in the Forcepoint NGFW Engine. The flaw enables a local privilege escalation that could lead to elevated permissions, potentially giving the attacker full control over the system’s configuration, monitoring, and management functions. This directly affects the confidentiality, integrity, and availability of the device and any networks it protects.

Affected Systems

Affected products include Forcepoint NGFW Engine. Versions affected are all releases up to 6.10.19, 7.1.10, 7.2.4, and 7.3.0, as indicated by the vendor’s reference list.

Risk and Exploitability

The CVSS score of 7.3 classifies it as a high‑severity flaw, but the EPSS score of less than 1% suggests a low probability of exploitation in the wild. Since the vulnerability requires local access, the attack vector is local, limiting exposure to the device’s operator or someone physically present. The flaw is not listed in the CISA KEV catalog. Exploitation would require a user with read‑write access to the engine’s working directory or the ability to place tampered configuration files; once executed, the attacker could gain root or administrator privileges on the device.

Generated by OpenCVE AI on March 17, 2026 at 14:44 UTC.

Remediation

Vendor Solution

Upgrade to versions 6.10.20, 7.1.11, 7.2.5 and 7.3.1.


OpenCVE Recommended Actions

  • Upgrade Forcepoint NGFW Engine to the following versions: 6.10.20, 7.1.11, 7.2.5, or 7.3.1

Generated by OpenCVE AI on March 17, 2026 at 14:44 UTC.


Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Forcepoint; Forcepoint ngfw Engine |
| Vendors & Products | | Forcepoint; Forcepoint ngfw Engine |

Wed, 11 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Wed, 11 Mar 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10. |
| Title | | Local Privilege Escalation in NGFW Engine |
| Weaknesses | | CWE-250 |
| References | | |
| Metrics | | cvssV4_0: `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}` |


MITRE

Status: PUBLISHED

Assigner: forcepoint

Published:

Updated: 2026-03-11T16:10:28.588Z

Reserved: 2025-11-04T10:07:46.152Z

Link: CVE-2025-12690

Vulnrichment

Updated: 2026-03-11T16:10:25.394Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T16:16:18.233

Modified: 2026-03-12T21:08:22.643

Link: CVE-2025-12690

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:55:30Z

Weaknesses