PT-2025-28945 · Palo Alto Networks · Globalprotect App+1
Alex Bourla
+1
·
Published
2025-07-09
·
Updated
2025-07-15
·
CVE-2025-0141
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber |
Name of the Vulnerable Software and Affected Versions:
Palo Alto Networks GlobalProtect App versions prior to 6.2.8-c243
Description:
An incorrect privilege assignment allows a locally authenticated, non-administrative user to escalate privileges to root on macOS and Linux, or NTAUTHORITY SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Recommendations:
Upgrade to GlobalProtect App version 6.2.8-c243.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Globalprotect App
Globalprotect Uwp App