Privilege escalation is the gain of more access or authority than a user, process, or workload was originally meant to have.
Privilege escalation is the gain of more access or authority than a user, process, or workload was originally meant to have. In plain language, it is when a small foothold turns into bigger power inside the environment.
Privilege escalation matters because many incidents become dangerous only after access grows. An attacker or unauthorized process may begin with limited reach, but if it can obtain administrative or otherwise broader access, the likely impact rises sharply.
It also matters because privilege problems often connect multiple control gaps. Weak role design, unsafe defaults, vulnerable software, and overprivileged service identities can all make escalation easier.
Privilege escalation appears in endpoint compromise, cloud-role misuse, application-security review, identity governance, and Attack Path analysis. Teams connect it to Least Privilege, Privileged Access Management, Just-in-Time Access, Just Enough Administration, and Lateral Movement.
Security teams watch for escalation because it often marks the point where a localized issue becomes an organizational incident.
A compromised application account is supposed to read one internal service, but because it was granted excessive permissions it can also modify infrastructure settings and reach more sensitive systems. That change in effective power is privilege escalation risk.
Privilege escalation is not the same as Lateral Movement. Escalation is about gaining more power. Lateral movement is about moving to other systems or accounts. In real incidents, the two often reinforce each other.
It is also different from normal approved elevation for maintenance. Legitimate administrative access should be deliberate, logged, and time-bound rather than accidental or unauthorized.