Privilege escalation in Opswat Metadefender Endpoint Security Sdk
CVE-2025-0131
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalat…
EPSS: 0.001 (3.1th percentile) — read the EPSS interpretation.
Affected products
- Opswat Metadefender Endpoint Security Sdk — versions 4.3.0
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (third-party-advisory)
- psirt@paloaltonetworks.com (vendor-advisory)