cbcvebase.
CVE-2025-4227
published 2025-06-13

CVE-2025-4227: An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-fe…

PriorityP412low3.5CVSS 3.1
AVPACLPRNUINSUCLILAN
EPSS
0.13%
3.2th percentile
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Affected

7 ranges
VendorProductVersion rangeFixed in
palo_alto_networksglobalprotect_app
palo_alto_networksglobalprotect_app
palo_alto_networksglobalprotect_app>= 6.2.0 < 6.2.8-h26.2.8-h2
palo_alto_networksglobalprotect_app>= 6.3.0 < 6.3.2-5666.3.2-566
paloaltoglobalprotect_app
paloaltonetworksglobalprotect>= 6.0.0 < 6.2.86.2.8
paloaltonetworksglobalprotect>= 6.3.0 < 6.3.36.3.3

CVSS provenance

nvdv3.13.5LOWCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvdv4.01.0LOWCVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green
vendor_oracle7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.