CVE-2025-12690

Published: Mar 11, 2026Modified: May 7, 2026

7.3

Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: psirt@forcepoint.com (Secondary)

Description

Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10.

Affected (4)

Products: Forcepoint: Next Generation Firewall

Forcepoint

1 product

Next Generation Firewall

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Forcepoint Next Generation Firewall	Before 6.10.20
Forcepoint Next Generation Firewall	From 7.1.0 to 7.1.11
Forcepoint Next Generation Firewall	From 7.2.0 to 7.2.5
Forcepoint Next Generation Firewall	Version 7.3.0

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (1)

https://support.forcepoint.com/s/article/Security-Advisory-Local-Privilege-Escalation-in-NGFW-Engine

Source: psirt@forcepoint.com

Vendor Advisory

Timeline

No history available yet.