A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2.

Tracked as CVE-2025-9142, the flaw allows local attackers to write or delete files outside the intended certificate working directory, potentially leading to system-level compromise.

news

A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2.

Tracked as CVE-2025-9142, the flaw allows local attackers to write or delete files outside the intended certificate working directory, potentially leading to system-level compromise.