Definition

What is Privilege Escalation?

The process of exploiting a vulnerability or misconfiguration to gain a higher level of access than was originally authorized. Vertical escalation involves gaining elevated permissions such as administrator or root access; horizontal escalation involves accessing resources belonging to another user at the same privilege level. Privilege escalation is a critical post-exploitation step in penetration testing that demonstrates the full potential blast radius of an initial security foothold.

Related terms

Authorization →

The process of determining what actions and resources a verified identity is permitted to access or modify.

Insecure Direct Object Reference (IDOR) →

A vulnerability that occurs when an application exposes an internal implementation object — such as a database record ID, filename, or account number — without verifying that the requesting user is authorized to access it.

Remote Code Execution (RCE) →

A critical vulnerability class that allows an attacker to execute arbitrary commands or code on a target system from a remote location, typically without requiring physical access or prior authentication.

Exploit →

A piece of software, command sequence, or technique that leverages a known vulnerability to cause unintended or unauthorized behavior in a target system.

Put this into practice

Multi-step attack chain simulation →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.