CVE-2025-0135
Published 2025-05-14
Priority P49 · low · 3.3 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.11% (1.8th percentile)
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app.
The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_virglrenderer_0.9.1-3_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.8 | 6.2.8 |
| palo_alto_networks | globalprotect_app | >= 6.3.0 < 6.3.3 | 6.3.3 |
| paloalto | globalprotect_app | — | — |
| paloalto | globalprotect_uwp_app | — | — |
| paloaltonetworks | globalprotect | >= 6.0.0 < 6.2.8 | 6.2.8 |
| paloaltonetworks | globalprotect | >= 6.3.0 < 6.3.3 | 6.3.3 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| nvd | v4.0 | 5.2 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber |
| vendor_msrc | — | 7.8 | HIGH | — |
GHSA
ghsa_unreviewed·2025-05-14
CVE-2025-0135 [MEDIUM] CWE-266 GHSA-74m8-698c-prjf
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app.
The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Microsoft
vendor_msrc·2022-08-09·CVSS 7.8
CVE-2022-0135 [HIGH] CWE-787
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl leading to a denial of service or possible code execution.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more infor
Palo Alto
GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
vendor_paloalto·CVSS 5.2
CVE-2025-0135 [MEDIUM] CWE-266 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ app on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so.
The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Affected products: GlobalProtect App, GlobalProtect UWP App
Solution:

| Version | Suggested solution |
|---|---|
| GlobalProtect App 6.3 on macOS | Upgrade to 6.3.3 or later |
| GlobalProtect App 6.2 on macOS | Upgrade to 6.2.8 or later |
| GlobalProtect App 6.1 on macOS | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App 6.0 on macOS | Upgrade to 6.2.8 or lat |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-05-14