PatchSiren cyber security CVE debrief
CVE-2025-12694 Forcepoint CVE debrief
A local privilege escalation vulnerability exists in Forcepoint VPN Client for Windows, affecting versions 6.11.3 and prior. This vulnerability allows a local non-administrative user to escalate privileges to SYSTEM, with a CVSS score of 8.5 and a HIGH severity rating.
- Vendor
- Forcepoint
- Product
- VPN Client
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Administrators and users of Forcepoint VPN Client for Windows, particularly those with local non-administrative access, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability exists in Forcepoint VPN Client for Windows, versions 6.11.3 and prior. A local non-administrative user can exploit this vulnerability to escalate privileges to SYSTEM.
Defensive priority
HIGH
Recommended defensive actions
- Update Forcepoint VPN Client for Windows to a version that is not affected by this vulnerability.
- Restrict local access to sensitive areas of the system.
- Monitor system logs for suspicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
-
CVE-2025-12694 CVE record
CVE.org
-
CVE-2025-12694 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-12694 was published on 2026-06-04T12:16:23.420Z and modified on 2026-06-04T15:25:53.963Z.