CVE-2025-0117

Description

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Passive

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

High

None

Unchanged

Amber

Affected products

Palo Alto Networks / GlobalProtect UWP AppAll – All
paloaltonetworks / globalprotect_app6.3.1 – 6.3.1
paloaltonetworks / globalprotect_app6.3.0 – 6.3.0
paloaltonetworks / globalprotect_app6.2.4 – 6.2.4
paloaltonetworks / globalprotect_app6.3.2 – 6.3.2
paloaltonetworks / globalprotect_app6.2.2 – 6.2.2
paloaltonetworks / globalprotect_app6.2.1 – 6.2.1
paloaltonetworks / globalprotect_app6.2.0 – 6.2.0
paloaltonetworks / globalprotect_app6.2.3 – 6.2.3

References

MISChttps://security.paloaltonetworks.com/CVE-2025-0117