Elevation of privilege is a vulnerability that lets an attacker obtain more permissions than they should have. In practice, this can mean moving from a low-privileged user to administrator, SYSTEM, or service-level access. Unlike remote code execution, which gives a way in, privilege escalation often helps an attacker turn a small foothold into full control of a device, account, or application.
It matters because many intrusions are won after the first compromise, not before it. Once inside, an attacker may exploit a local bug, a misconfigured service, weak access control, or a flaw in token handling to expand access and disable defenses. In security releases, elevation-of-privilege bugs are prioritized because they can be chained with other issues and used to deepen persistence or reach sensitive data. Defenders reduce risk with least privilege, timely patching, hardening, and monitoring for unusual permission changes or process behavior.



