CVE-2020-8250

HIGH

Pulse Secure Desktop Client (Linux) < 9.1R9 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8250. PoCs published by mbadanoiu.

AI-analyzed exploit summary: The repository describes a privilege escalation vulnerability in the Pulse Secure VPN Linux client (CVE-2020-8250), where the SUID executable 'pulsesvc' unsafely passes the 'HOME' environment variable to 'system()', allowing command injection. The README provides technical details but lacks direct exploit code, instead referencing an external PDF for further exploitation steps.

Description

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2020-8250

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Pulse Secure VPN Linux Client
Auth required
Prerequisites: Access to a compromised client with Pulse Secure VPN installed · Ability to modify environment variables
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0048
EPSS Percentile: 37.4%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status: published
Products (2):
pulsesecure/pulse_secure_desktop_client 9.1 (14 CPE variants)
pulsesecure/pulse_secure_desktop_client < 9.1
Published: Oct 28, 2020
Tracked Since: Feb 18, 2026