Vulnerabilities
Vertical Privilege Escalation
Also known as: Vertical EoP
Definition
A flaw that lets a low-privileged user obtain higher-privileged rights — typically administrator, root, or SYSTEM.
Examples
- A Windows driver flaw that allows a standard user to run code as SYSTEM.
- An /admin API that does not verify the caller's role, allowing a normal user to create new admins.
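The second example, shown as an added illustration that is not part of this glossary: a minimal "create admin" handler with the role check missing, beside the same handler reading the caller's role from the server-side user store. Names (UserStore, create_admin_vulnerable, create_admin_fixed) and the sample users are constructed for the illustration.

```python
# Added example: vertical privilege escalation through a missing
# authorization check on an admin-only action, and the fixed handler.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    role: str  # constructed sample roles: "user" or "admin"


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)

    def add(self, user: User) -> None:
        self.users[user.name] = user


def create_admin_vulnerable(store: UserStore, request: dict, new_name: str) -> int:
    """Checks only that the caller is a known user (authentication) and never
    that the caller holds the admin role (authorization). Any logged-in user
    can therefore mint a new administrator: vertical EoP."""
    caller = request.get("user")
    if caller not in store.users:
        return 401  # unauthenticated
    store.add(User(new_name, "admin"))
    return 201


def create_admin_fixed(store: UserStore, request: dict, new_name: str) -> int:
    """Same action with the role enforced server-side. The role comes from the
    store, never from anything the client sent in the request."""
    caller = store.users.get(request.get("user"))
    if caller is None:
        return 401  # unauthenticated
    if caller.role != "admin":
        return 403  # authenticated but not authorized
    store.add(User(new_name, "admin"))
    return 201


def sample_store() -> UserStore:
    """Constructed sample data: one admin and one ordinary user."""
    store = UserStore()
    store.add(User("root", "admin"))
    store.add(User("bob", "user"))
    return store
```

A log entry for every 403 on admin-only routes is the cheapest detection for attempts against the fixed handler; a 201 on such a route from a non-admin account is the signal that the vulnerable one is deployed.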
Related terms
Privilege Escalation
A class of vulnerabilities that lets an attacker gain rights beyond those originally granted, such as moving from a normal user to administrator.
Horizontal Privilege Escalation
A flaw that lets a user access resources or actions of another user with the same privilege level rather than gaining higher rights.
Broken Access Control
A class of vulnerabilities where authorization rules are missing or incorrectly enforced, letting users perform actions or reach data outside their privileges.
Principle of Least Privilege
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.