By weakness (CWE)

CWE-250: related vulnerabilities

CVEs classified under CWE-250. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

3 published vulnerabilities

  • CVE-2025-12694HIGH 7.8

    A flaw in Forcepoint VPN Client for Windows allows any logged-in user without administrator rights to gain full system-level (SYSTEM) access. An attacker with a regular user account can exploit this locally to take complete control of the machine. The vulnerability affects VPN Client version 6.11.3 and all earlier versions.

  • CVE-2026-42061HIGH 7.3

    Acronis DeviceLock DLP on Windows contains a local privilege escalation vulnerability stemming from improper permission assignment to child processes. An authenticated user with limited privileges can exploit this flaw to gain elevated system access, potentially compromising data loss prevention controls and system integrity. The vulnerability requires local access and user interaction but delivers high-impact consequences including confidentiality, integrity, and availability breaches.

  • CVE-2026-10843HIGH 7.2

    OpenShift's Cloud Credential Operator, when running in Mint mode, assigns AWS credentials with excessive permissions. Instead of limiting destructive actions to resources owned by the cluster, the operator grants account-wide scope. If an attacker compromises these credentials, they can perform destructive actions across the entire AWS account, not just the cluster—making lateral movement and account-wide damage possible.