PT-2025-11118 · Microsoft+1 · Activex+1
Maxime Escourbiac +1 · Published 2025-03-12 · Updated 2025-03-14 · CVE-2025-0118
CVSS v2.0: 9.7 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:P/A:C |
Name of the Vulnerable Software and Affected Versions:
Palo Alto Networks GlobalProtect app on Windows (affected versions not specified)
Description:
A remote attacker can run ActiveX controls within the context of an authenticated Windows user, enabling them to run commands as if they are a legitimate authenticated user. This issue can be exploited when the authenticated user navigates to a malicious page during the GlobalProtect SAML login process on a Windows device.
Recommendations:
As a temporary workaround, consider disabling the use of ActiveX controls within the GlobalProtect app on Windows until a patch is available.
Restrict access to malicious web pages to minimize the risk of exploitation during the GlobalProtect SAML login process.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
ActiveX
Palo Alto Networks GlobalProtect