Privilege escalation in Palo Alto Networks Globalprotect App
CVE-2025-0140
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not…
EPSS: 0.001 (2.8th percentile) — read the EPSS interpretation.
Affected products
- Palo Alto Networks Globalprotect App — versions 6.3.0, 6.2.0, 6.1.0
- Palo Alto Networks Globalprotect Uwp App — versions All
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (vendor-advisory)