Description
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior.
Published: 2026-06-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local privilege escalation flaw in the Forcepoint VPN Client for Windows allows any non‑administrative user to gain SYSTEM privileges. The likely attack vector is local execution by a non‑administrative user, inferred from the description stating the vulnerability affects local users. If exploited, the attacker can run arbitrary code with full system rights, compromising confidentiality, integrity, and availability of the host. The vulnerability is identified as CWE‑250, but the description provides no additional details on the trigger or code path.

Affected Systems

Affected systems are Forcepoint VPN Client for Windows versions 6.11.3 and earlier, as noted in the vendor advisory. Users running any of these releases are vulnerable when the unpatched client is installed and operated by a local account.

Risk and Exploitability

The CVSS score of 8.5 classifies this issue as high severity. The likely attack vector is local access by a non‑administrative user, inferred from the description that the vulnerability affects local users. Exploitation requires local access, so only logged‑in users can trigger the behavior. EPSS data is not available, but the lack of publicly reported exploits and the absence from CISA’s KEV catalog suggest a relatively lower likelihood of widespread, automated attacks. Attackers would need to run the affected client or supply a crafted input to the local user to elevate privileges, after which they would obtain unrestricted system control.

Generated by OpenCVE AI on June 4, 2026 at 13:50 UTC.

Remediation

Vendor Solution

Fixed in 6.12.0


OpenCVE Recommended Actions

  • Upgrade Forcepoint VPN Client to version 6.12.0 or later
  • Restrict non‑administrative users from launching the VPN Client until the patch can be applied
  • Monitor system logs for unexpected SYSTEM‑level activity originating from the VPN client process

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 13:45:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Forcepoint; Forcepoint vpn Client
Vendors & Products |  | Forcepoint; Forcepoint vpn Client

Thu, 04 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description |  | A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior.
Title |  | Local Privilege Escalation in VPN Client
Weaknesses |  | CWE-250
References |  |
Metrics |  | cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: forcepoint

Published:

Updated: 2026-06-04T13:21:13.818Z

Reserved: 2025-11-04T12:33:50.696Z

Link: CVE-2025-12694

Vulnrichment

Updated: 2026-06-04T13:21:09.257Z

NVD

Status: Awaiting Analysis

Published: 2026-06-04T12:16:23.420

Modified: 2026-06-04T15:25:53.963

Link: CVE-2025-12694

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T14:00:15Z

Weaknesses
  • CWE-250: Execution with Unnecessary Privileges