CVE-2025-4227 — Cleartext Transmission of Sensitive Info in Palo Alto Networks Globalprotect APP

CWE-319 — Cleartext Transmission of Sensitive Info5 documents5 sources

Severity

1.0LOWNVD

EPSS

0.1%

top 81.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Globalprotect APP Paloaltonetworks Globalprotect Paloalto Globalprotect APP

Timeline

PublishedJun 13

Description

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal…

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDpaloaltonetworks/globalprotect6.0.0 — 6.2.8+1

▶CVEListV5palo_alto_networks/globalprotect_app6.3.0 — 6.3.2-566+3

▶Palo Altopaloalto/globalprotect_app

🔴Vulnerability Details

GHSA

GHSA-h9qj-xx2j-6h84: An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs↗2025-06-13

▶

CVEList

GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement↗2025-06-13

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Configuration Management Platform (gSOAP) — CVE-2024-4227↗2025-04-15

▶

Palo Alto

GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement↗

▶