Vulnerability in Palo Alto Networks Globalprotect App
CVE-2025-2183
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attac…
Vulnerability class: Improper Certificate Validation
EPSS: 0.001 (1.5th percentile) — read the EPSS interpretation.
Affected products
- Palo Alto Networks Globalprotect App — versions 6.3.0, 6.2.0, 6.1.0
- Palo Alto Networks Global Protect Uwp App — versions All
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (vendor-advisory)