Platform
other
Component
harmony-sase-windows-agent
Fixed in
12.2.1
CVE-2025-9142 describes a Privilege Escalation vulnerability affecting Check Point Harmony SASE Windows Agent. This flaw allows a local user to manipulate file system permissions, potentially leading to unauthorized access and control. The vulnerability impacts versions of the agent prior to 12.2, and a fix is available in version 12.2.
An attacker exploiting this vulnerability could gain elevated privileges on a system running the vulnerable Harmony SASE Windows Agent. This could allow them to install malware, steal sensitive data, or even take complete control of the affected machine. The ability to write or delete files outside the intended certificate working directory bypasses security controls designed to protect system integrity. The potential impact extends to any data stored on the compromised system, including credentials, configuration files, and user data. Successful exploitation could lead to significant data breaches and disruption of business operations.
CVE-2025-9142 was published on 2026-01-14. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting this vulnerability.
Exploit Status
EPSS
0.01% (1% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-9142 is to upgrade the Check Point Harmony SASE Windows Agent to version 12.2 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing stricter file system permissions on the certificate working directory to limit the attacker's ability to write or delete files. While not a complete solution, this can reduce the potential impact. Check Point may also release temporary WAF rules or proxy configurations to filter malicious requests targeting this vulnerability, but these are not a substitute for patching. After upgrading, verify the agent version and confirm that the certificate working directory permissions are correctly configured.
Actualice Check Point Harmony SASE Windows Agent a la versión 12.2 o posterior. Esto solucionará la vulnerabilidad de escalada de privilegios local que permite a un usuario escribir o eliminar archivos fuera del directorio de trabajo de certificados previsto. Consulte el advisory de Check Point (SK184557) para obtener más detalles e instrucciones de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-9142 is a vulnerability in Check Point Harmony SASE Windows Agent versions prior to 12.2 that allows a local user to escalate privileges by writing or deleting files outside the intended directory.
You are affected if you are using Check Point Harmony SASE Windows Agent versions prior to 12.2. Upgrade to version 12.2 to mitigate the risk.
The recommended fix is to upgrade to Check Point Harmony SASE Windows Agent version 12.2 or later. Consider stricter file system permissions as a temporary workaround.
Currently, there are no publicly known active exploitation campaigns targeting CVE-2025-9142, but monitoring is advised.
Refer to the official Check Point Security Advisory for detailed information and updates regarding CVE-2025-9142.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.