PT-2025-33023 · Palo Alto Networks · Globalprotect
Maxime Escorbiac
+1
·
Published
2025-03-10
·
Updated
2025-08-26
·
CVE-2025-2183
CVSS v4.0
5.3
Medium
| Vector | AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/U:Amber |
Name of the Vulnerable Software and Affected Versions:
Palo Alto Networks GlobalProtect app (affected versions not specified)
Description:
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app allows attackers to connect the app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by those certificates.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Globalprotect