[Palo Alto Networks Security Advisories] CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Urgency: MODERATE
Severity: 4 · MEDIUM
Exploit Maturity: UNREPORTED
Response Effort: MODERATE
Recovery: USER
Value Density: CONCENTRATED
Attack Complexity: LOW
Attack Requirements: PRESENT
Automatable: NO
User Interaction: NONE
Product Confidentiality: NONE
Product Integrity: HIGH
Product Availability: NONE
Privileges Required: LOW
Subsequent Confidentiality: HIGH
Subsequent Integrity: HIGH
Subsequent Availability: HIGH

Description

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Product Status

Versions | Affected | Unaffected
GlobalProtect App | None on macOS; None on Linux; None on iOS; None on Android; None on Chrome OS | All on macOS; All on Linux; All on iOS; All on Android; All on Chrome OS
GlobalProtect App 6.3 | < 6.3.3 on Windows | >= 6.3.3 on Windows
GlobalProtect App 6.2 | < 6.2.7-h3 on Windows; < 6.2.8 on Windows | >= 6.2.7-h3 on Windows; >= 6.2.8 on Windows
GlobalProtect App 6.1 | All on Windows | None on Windows
GlobalProtect App 6.0 | All on Windows | None on Windows
GlobalProtect UWP App | None | All

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY\SYSTEM.
MEDIUM – CVSS-BT: 4.0 / CVSS-B: 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-250 Execution with Unnecessary Privileges

CAPEC-233 Privilege Escalation

Solution

Version | Suggested Solution
GlobalProtect App 6.3 on Windows | Upgrade to 6.3.3 or later
GlobalProtect App 6.2 on Windows | Upgrade to 6.2.7-h3 or 6.2.8 or later
GlobalProtect App 6.1 on Windows | Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later
GlobalProtect App 6.0 on Windows | Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later
GlobalProtect App on macOS | No action needed
GlobalProtect App on Linux | No action needed
GlobalProtect App on iOS | No action needed
GlobalProtect App on Android | No action needed
GlobalProtect UWP App | No action needed
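
The Product Status and Solution tables above can be applied to an endpoint inventory as a triage check. This is an added example, not Palo Alto Networks code. The inventory rows, host names and function names are constructed for illustration, and version strings are assumed to have the form X.Y.Z or X.Y.Z-hN.

```python
import re

# Thresholds and advice copied from the advisory's Product Status and
# Solution tables; keys are (major, minor) release trains on Windows.
FIXED = {(6, 3): (3, 0), (6, 2): (7, 3)}  # first fixed (patch, hotfix)
# 6.1 and 6.0 have no fixed release in their own train.
LEGACY = "Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later"
ADVICE = {
    (6, 3): "Upgrade to 6.3.3 or later",
    (6, 2): "Upgrade to 6.2.7-h3 or 6.2.8 or later",
    (6, 1): LEGACY,
    (6, 0): LEGACY,
}
UNAFFECTED_OS = {"macos", "linux", "ios", "android", "chrome os"}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Return (major, minor, patch, hotfix); hotfix is 0 when absent."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(os_name, version):
    """Return (status, advice) for one GlobalProtect app install."""
    os_key = os_name.strip().lower()
    if os_key in UNAFFECTED_OS:
        return ("unaffected", "No action needed")
    if os_key != "windows":
        return ("unknown", "Platform not listed in the advisory")
    major, minor, patch, hotfix = parse_version(version)
    train = (major, minor)
    if train in FIXED and (patch, hotfix) >= FIXED[train]:
        return ("unaffected", "No action needed")
    if train in ADVICE:
        return ("affected", ADVICE[train])
    # Trains the advisory does not list are reported, not guessed at.
    return ("unknown", "Release train not listed in the advisory")

# Constructed inventory rows: (host, OS, installed app version).
INVENTORY = [
    ("wks-01", "Windows", "6.2.7"), ("wks-02", "Windows", "6.2.7-h3"),
    ("wks-03", "Windows", "6.3.2"), ("wks-04", "Windows", "6.1.5"),
    ("wks-05", "Windows", "6.3.3"), ("mac-01", "macOS", "6.2.4"),
]

def needs_upgrade(inventory):
    """Hosts whose install is affected, with the advisory's suggested fix."""
    rows = ((h, v, triage(o, v)) for h, o, v in inventory)
    return [(h, v, t[1]) for h, v, t in rows if t[0] == "affected"]
```

The hotfix suffix matters for the 6.2 train: 6.2.7 without a hotfix is affected, while 6.2.7-h3 is not.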

Workarounds and Mitigations

No workaround or mitigation is available.

Acknowledgments

Palo Alto Networks thanks Maxime ESCOURBIAC, Michelin CERT and Yassine BENGANA, Abicom for Michelin CERT for discovering and reporting the issue.

CPEs

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.7:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.6:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*

Timeline

Initial Publication

