CVE-2025-0118 — Exposed Unsafe ActiveX Method in Palo Alto Networks Globalprotect APP

CWE-618 — Exposed Unsafe ActiveX Method4 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.3%

top 49.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Globalprotect APP Paloaltonetworks Globalprotect Paloalto Globalprotect APP +1 more

Timeline

PublishedMar 12

Description

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L

Affected Packages4 packages

▶NVDpaloaltonetworks/globalprotect6.0.0 — 6.0.11+3

▶CVEListV5palo_alto_networks/globalprotect_app6.2.0 — 6.2.5+2

▶Palo Altopaloalto/globalprotect_app

▶Palo Altopaloalto/globalprotect_uwp_app

🔴Vulnerability Details

GHSA

GHSA-4gx3-p432-m8m7: A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authe↗2025-03-12

▶

CVEList

GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability↗2025-03-12

▶

📋Vendor Advisories

Palo Alto

GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability↗

▶