4.3 | CVE-2025-2179
GlobalProtect App: Non Admin User Can Disable the GlobalProtect App | GlobalProtect App GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on Android, None on Chrome OS, None on iOS, None on Windows, None on macOS < 6.2.9 on Linux All on Linux All on Linux None | All on Android, All on Chrome OS, All on iOS, All on Windows, All on macOS >= 6.2.9 on Linux None on Linux None on Linux All | 2025-07-28 | 2025-07-28 |
4.3 | CVE-2025-0140
GlobalProtect App: Non Admin User Can Disable the GlobalProtect App | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on Android, None on Chrome OS, None on iOS, None on Windows, None on Linux < 6.3.3-h1 (6.3.3-c650) on macOS < 6.2.8-h2 (6.2.8-c243) on macOS All on macOS All on macOS None | All on Android, All on Chrome OS, All on iOS, All on Windows, All on Linux >= 6.3.3-h1 (6.3.3-c650) on macOS >= 6.2.8-h2 (6.2.8-c243) on macOS None on macOS None on macOS All | 2025-07-09 | 2025-07-28 |
5.7 | CVE-2025-0141
GlobalProtect App: Privilege Escalation (PE) Vulnerability | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on Android, None on Chrome OS, None on iOS < 6.3.3-h1 (6.3.3-c650) on macOS, < 6.3.3-h1 (6.3.3-c650) on Windows < 6.2.8-h2 (6.2.8-c243) on macOS, < 6.2.8-h2 (6.2.8-c243) on Windows, < 6.2.8 on Linux All on macOS, All on Windows, All on Linux All on macOS, All on Windows, All on Linux None | All on Android, All on Chrome OS, All on iOS >= 6.3.3-h1 (6.3.3-c650) on macOS, >= 6.3.3-h1 (6.3.3-c650) on Windows >= 6.2.8-h2 (6.2.8-c243) on macOS, >= 6.2.8-h2 (6.2.8-c243) on Windows, >= 6.2.8 on Linux None on macOS, None on Windows, None on Linux None on macOS, None on Windows, None on Linux All | 2025-07-09 | 2025-07-18 |
5.7 | CVE-2025-4232
GlobalProtect: Authenticated Code Injection Through Wildcard on macOS | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 | None on Windows, Linux, Android, iOS, Chrome OS < 6.3.3 on macOS < 6.2.8-h2 [6.2.8-c243] on macOS All on macOS All on macOS | All on Windows, Linux, Android, iOS, Chrome OS >= 6.3.3 on macOS >= 6.2.8-h2 [6.2.8-c243] on macOS None on macOS None on macOS | 2025-06-11 | 2025-07-16 |
0.3 | CVE-2025-4227
GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 | None on Linux, Android, iOS, Chrome OS, UWP ¹ < 6.3.3-c650 on Windows, macOS < 6.2.8-h2 [6.2.8-c243] on Windows, macOS All on Windows, macOS All on Windows, macOS | All on Linux, Android, iOS, Chrome OS, UWP ¹ >= 6.3.3-c650 on Windows, macOS >= 6.2.8-h2 [6.2.8-c243] on Windows, macOS None on Windows, macOS None on Windows, macOS | 2025-06-11 | 2025-06-13 |
1.9 | CVE-2025-0135
GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on Android, None on Chrome OS, None on iOS, None on Windows, None on Linux < 6.3.3-h2 on macOS < 6.2.8-h3 (6.2.8-c263) on macOS All on macOS All on macOS None | All on Android, All on Chrome OS, All on iOS, All on Windows, All on Linux >= 6.3.3-h2 on macOS (ETA: July 28, 2025) >= 6.2.8-h3 (6.2.8-c263) on macOS None on macOS None on macOS All | 2025-05-14 | 2025-07-18 |
4 | CVE-2025-0120
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on macOS, None on Linux, None on iOS, None on Android, None on Chrome OS < 6.3.3 on Windows < 6.2.7-1077 on Windows, < 6.2.8 on Windows All on Windows < 6.0.12 on Windows None | All on macOS, All on Linux, All on iOS, All on Android, All on Chrome OS >= 6.3.3 on Windows >= 6.2.7-1077 on Windows, >= 6.2.8 on Windows None on Windows >= 6.0.12 on Windows (ETA: May 2025) All | 2025-04-09 | 2025-05-02 |
2.2 | CVE-2025-0118
GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on macOS, Linux, iOS, Android, Chrome OS < 6.3.3 on Windows < 6.2.5 on Windows < 6.1.6 on Windows < 6.0.11 on Windows None | All on macOS, Linux, iOS, Android, Chrome OS >= 6.3.3 on Windows >= 6.2.5 on Windows >= 6.1.6 on Windows >= 6.0.11 on Windows All | 2025-03-12 | 2025-03-12 |
4.3 | CVE-2025-0117
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on iOS, None on Android, None on Chrome OS, None on macOS < 6.3.3 on Windows < 6.2.6 on Windows All on Windows All on Windows None | All on iOS, All on Android, All on Chrome OS, All on macOS >= 6.3.3 on Windows* >= 6.2.6 on Windows* None on Windows None on Windows All | 2025-03-12 | 2025-07-25 |
5.6 | CVE-2024-5921
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation | GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.3.2* on Windows, < 6.3.2* on macOS < 6.2.6* on Windows, < 6.2.6-c857* on macOS, < 6.2.1-c31* on Linux, < 6.2.6* on Windows UWP All on Windows, All on macOS, All on Linux, < 6.1.6* on Android, < 6.1.7* on iOS None on FIPS-CC mode None on FIPS-CC mode | >= 6.3.2* on Windows, >= 6.3.2* on macOS >= 6.2.6* on Windows, >= 6.2.6-c857* on macOS, >= 6.2.1-c31* on Linux, >= 6.2.6* on Windows UWP (ETA: end of June) None on Windows, None on macOS, None on Linux, >= 6.1.6* on Android, >= 6.1.7* on iOS All on FIPS-CC mode All on FIPS-CC mode | 2024-11-26 | 2025-05-02 |
5.2 | CVE-2024-9473
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.3.1-c383 on Windows < 6.2.5 on Windows < 6.1.4-c720 on Windows, = 6.1.5 on Windows < 6.0.10-c823 on Windows All on Windows | >= 6.3.1-c383 on Windows >= 6.2.5 on Windows >= 6.1.4-c720 on Windows >= 6.0.10-c823 on Windows None on Windows | 2024-10-09 | 2024-10-24 |
i | CVE-2024-47076
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products | Cloud NGFW Cortex XDR Cortex XDR Agent Cortex XSIAM Cortex XSOAR GlobalProtect App PAN-OS Prisma Access Prisma Access Browser Prisma Cloud Prisma Cloud Compute Prisma SD-WAN | None None None None None None None None None None None None | All All All All All All All All All All All All | 2024-09-26 | 2024-09-26 |
6.9 | CVE-2024-8687
PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes | Cloud NGFW GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access | None None < 6.2.1 < 6.1.2 < 6.0.7 < 5.2.13 < 5.1.12 None None < 11.0.1 < 10.2.4 < 10.1.9 < 10.0.12 < 9.1.16 < 9.0.17 < 8.1.25 < 10.2.9 on PAN-OS | All All >= 6.2.1 >= 6.1.2 >= 6.0.7 >= 5.2.13 >= 5.1.12 All All >= 11.0.1 >= 10.2.4 >= 10.1.9 >= 10.0.12 >= 9.1.16 >= 9.0.17 >= 8.1.25 >= 10.2.9 on PAN-OS | 2024-09-11 | 2024-09-11 |
5.2 | CVE-2024-5915
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.3.1 on Windows < 6.2.4 on Windows < 6.1.5 on Windows < 6.0.10-c826 on Windows < 5.1.x on Windows | >= 6.3.1 on Windows >= 6.2.4 on Windows >= 6.1.5 on Windows >= 6.0.10-c826 on Windows >= 5.1.x (ETA: December 2024) on Windows | 2024-08-14 | 2024-11-06 |
5.5 | CVE-2024-5908
GlobalProtect App: Encrypted Credential Exposure via Log Files | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.2.3 on Windows and macOS, None on Linux < 6.1.3 on Windows and macOS, None on Android and iOS, < 6.1.3 on Linux < 6.0.8 on Windows and macOS, All on Linux < 5.1.12 on Windows and macOS, All on Linux | >= 6.2.3 on Windows and macOS, All on Linux >= 6.1.3 on Windows and macOS, All on Android and iOS, >= 6.1.3 on Linux >= 6.0.8 on Windows and macOS, None on Linux >= 5.1.12 on Windows and macOS, None on Linux | 2024-06-12 | 2024-08-14 |
2.1 | CVE-2024-3661
Impact of TunnelVision Vulnerability | Cloud NGFW GlobalProtect App PAN-OS Prisma Access | None All without Endpoint Traffic Policy Enforcement set to All Traffic on Windows, All without Endpoint Traffic Policy Enforcement set to All Traffic on macOS, All on Linux, All without IncludeAllNetworks set to 1 on iOS, None on Android None None | All All with Endpoint Traffic Policy Enforcement set to All Traffic on Windows, All with Endpoint Traffic Policy Enforcement set to All Traffic on macOS, Upcoming major release on Linux, All with IncludeAllNetworks set to 1 on iOS, All on Android All All | 2024-05-16 | 2024-05-16 |
i | CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) | | | | 2024-04-01 | 2024-04-01 |
5.7 | CVE-2024-2431
GlobalProtect App: Local User Can Disable GlobalProtect | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 | None < 6.1.1 < 6.0.4 < 5.2.13 < 5.1.12 | All >= 6.1.1 >= 6.0.4 >= 5.2.13 >= 5.1.12 | 2024-03-13 | 2024-03-13 |
5.2 | CVE-2024-2432
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1 | < 6.2.1 on Windows < 6.1.2 on Windows < 6.0.8 on Windows < 5.1.12 on Windows | >= 6.2.1 on Windows >= 6.1.2 on Windows >= 6.0.8 on Windows >= 5.1.12 on Windows | 2024-03-13 | 2024-03-18 |
0 | CVE-2023-44487
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) | | | | 2023-10-11 | 2023-10-25 |
i | PAN-SA-2023-0003
Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) | | | | 2023-06-16 | 2023-06-20 |
7.8 | CVE-2023-0009
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 | None < 6.1.1 on Windows < 6.0.5 on Windows < 5.2.13 on Windows < 5.1.12 on Windows | All >= 6.1.1 >= 6.0.5 >= 5.2.13 >= 5.1.12 | 2023-06-14 | 2024-04-10 |
6.3 | CVE-2023-0006
GlobalProtect App: Local File Deletion Vulnerability | GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.2 GlobalProtect App 5.1 | < 6.1.1 on Windows < 6.0.4 on Windows < 5.2.13 on Windows < 5.1.12 on Windows | >= 6.1.1 on Windows >= 6.0.4 on Windows >= 5.2.13 on Windows >= 5.1.12 on Windows | 2023-04-12 | 2024-04-10 |
0 | PAN-SA-2023-0001
Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 | | | | 2023-02-08 | 2023-02-08 |
0 | PAN-SA-2022-0007
Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 | | | | 2022-12-23 | 2022-12-23 |