CVE-2025-0120
Published 2025-04-11
Priority P4 · 34 · high · 7 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.13% (3.1th percentile)
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.8 | 6.2.8 |
| palo_alto_networks | globalprotect_app | >= 6.3.0 < 6.3.3 | 6.3.3 |
| paloalto | globalprotect_app | — | — |
| paloalto | globalprotect_uwp_app | — | — |
| paloaltonetworks | globalprotect | >= 6.0.0 < 6.0.12 | 6.0.12 |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.2.7-1077 | 6.2.7-1077 |
| paloaltonetworks | globalprotect | >= 6.3.0 < 6.3.3 | 6.3.3 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.1 | HIGH | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber |
GHSA
GHSA-gg8q-gxm4-v22c
ghsa_unreviewed·2025-04-11
CVE-2025-0120 [HIGH] CWE-250 GHSA-gg8q-gxm4-v22c
Palo Alto
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
vendor_paloalto·CVSS 7.1
CVE-2025-0120 [HIGH] CWE-250
Affected products: GlobalProtect App, GlobalProtect UWP App
Solution:
| Version | Suggested solution |
|---|---|
| GlobalProtect App 6.3 on Windows | Upgrade to 6.3.3 or later |
| GlobalProtect App 6.2 on Windows | Upgrade to 6.2.7-1077 or 6.2.8 or later |
| GlobalProtect App 6.1 on Windows | Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later |
| GlobalProtect App 6.0 on Window | |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.