Paloalto Globalprotect App vulnerabilities

45 known vulnerabilities affecting paloalto/globalprotect_app.

Total CVEs: 45
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 17, MEDIUM 22, LOW 3

Vulnerabilities

Page 3 of 3
CVE-2025-2183 MEDIUM CVSS 5.3
CVE-2025-2183 [MEDIUM] CWE-295 GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on th
paloalto
CVE-2025-0135 MEDIUM CVSS 5.2
CVE-2025-0135 [MEDIUM] CWE-266 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ app on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iO
paloalto
CVE-2025-0118 MEDIUM CVSS 6.0
CVE-2025-0118 [MEDIUM] CWE-618 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability
A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must
paloalto
CVE-2025-2179 MEDIUM CVSS 6.8
CVE-2025-2179 [MEDIUM] CWE-266 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, macOS, iOS, Android, Chrome
paloalto
CVE-2025-4227 LOW CVSS 1.0
CVE-2025-4227 [LOW] CWE-319 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencr
paloalto
Paloalto Globalprotect App vulnerabilities | cvebase