Paloalto Globalprotect Uwp App vulnerabilities

CVE-2024-9473 [MEDIUM] CWE-250 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App: Local Privilege Escalation (PE) Vulnerability A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. Affected products: GlobalProte

CVE-2025-0120 [HIGH] CWE-250 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App: Local Privilege Escalation (PE) Vulnerability A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which make

CVE-2025-0141 [HIGH] CWE-426 GlobalProtect App: Privilege Escalation (PE) Vulnerability GlobalProtect App: Privilege Escalation (PE) Vulnerability An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. Affected produ

CVE-2025-0117 [HIGH] CWE-807 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App: Local Privilege Escalation (PE) Vulnerability A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. Affected

CVE-2025-0140 [MEDIUM] CWE-266 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App GlobalProtect App: Non Admin User Can Disable the GlobalProtect App An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome

CVE-2025-0135 [MEDIUM] CWE-266 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ app on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iO

CVE-2025-0118 [MEDIUM] CWE-618 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must

CVE-2025-2179 [MEDIUM] CWE-266 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App GlobalProtect App: Non Admin User Can Disable the GlobalProtect App An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, macOS, iOS, Android, Chrome