CVE-2025-4227
published 2025-06-13CVE-2025-4227: An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-fe…
PriorityP412low3.5CVSS 3.1
AVPACLPRNUINSUCLILAN
EPSS
0.13%
3.2th percentile
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.
An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.8-h2 | 6.2.8-h2 |
| palo_alto_networks | globalprotect_app | >= 6.3.0 < 6.3.2-566 | 6.3.2-566 |
| paloalto | globalprotect_app | — | — |
| paloaltonetworks | globalprotect | >= 6.0.0 < 6.2.8 | 6.2.8 |
| paloaltonetworks | globalprotect | >= 6.3.0 < 6.3.3 | 6.3.3 |
CVSS provenance
nvdv3.13.5LOWCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvdv4.01.0LOWCVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green
vendor_oracle7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h9qj-xx2j-6h84: An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs
ghsa_unreviewed·2025-06-13
CVE-2025-4227 [LOW] CWE-319 GHSA-h9qj-xx2j-6h84: An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.
An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
Oracle
Oracle Oracle Communications Risk Matrix: Configuration Management Platform (gSOAP) — CVE-2024-4227
vendor_oracle·2025-04-15·CVSS 7.5
CVE-2024-4227 [HIGH] Oracle Oracle Communications Risk Matrix: Configuration Management Platform (gSOAP) — CVE-2024-4227
Oracle Oracle Communications Risk Matrix: Configuration Management Platform (gSOAP) vulnerability
CVE: CVE-2024-4227
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
Palo Alto
GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement
vendor_paloalto·CVSS 1.0
CVE-2025-4227 [LOW] CWE-319 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement
GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.
An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
Affected products: GlobalProtect App
Solution: To fully resolve this vulnerability, complete all steps below in se
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-13
Published