CVSS Summary Versions Affected Unaffected Published Updated 4.3 CVE-2025-0140
GlobalProtect App: Non Admin User Can Disable the GlobalProtect App GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on Android, None on Chrome OS, None on iOS, None on Windows
< 6.3.3-h1 (6.3.3-c650) on macOS
< 6.2.8-h2 (6.2.8-c243) on macOS, < 6.2.8 on Linux
All on macOS, All on Linux
All on macOS, All on Linux
None
All on Android, All on Chrome OS, All on iOS, All on Windows
>= 6.3.3-h1 (6.3.3-c650) on macOS
>= 6.2.8-h2 (6.2.8-c243) on macOS, >= 6.2.8 on Linux (ETA: July 11, 2025)
None on macOS, None on Linux
None on macOS, None on Linux
All
2025-07-09 2025-07-09 5.7 CVE-2025-0141
GlobalProtect App: Privilege Escalation (PE) Vulnerability GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on Android, None on Chrome OS, None on iOS
< 6.3.3-h1 (6.3.3-c650) on macOS, < 6.3.3-h1 (6.3.3-c650) on Windows
< 6.2.8-h2 (6.2.8-c243) on macOS, < 6.2.8-h2 (6.2.8-c243) on Windows, < 6.2.8 on Linux
All on macOS, All on Windows, All on Linux
All on macOS, All on Windows, All on Linux
None
All on Android, All on Chrome OS, All on iOS
>= 6.3.3-h1 (6.3.3-c650) on macOS, >= 6.3.3-h1 (6.3.3-c650) on Windows
>= 6.2.8-h2 (6.2.8-c243) on macOS, >= 6.2.8-h2 (6.2.8-c243) on Windows, >= 6.2.8 on Linux (ETA: July 11, 2025)
None on macOS, None on Windows, None on Linux
None on macOS, None on Windows, None on Linux
All
2025-07-09 2025-07-09 7.1 CVE-2025-4232
GlobalProtect: Authenticated Code Injection Through Wildcard on macOS GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
None on Windows, Linux, Android, iOS, Chrome OS
< 6.3.3 on macOS
< 6.2.8-h2 [6.2.8-c243] on macOS
All on macOS
All on macOS
All on Windows, Linux, Android, iOS, Chrome OS
>= 6.3.3 on macOS
>= 6.2.8-h2 [6.2.8-c243] on macOS
None on macOS
None on macOS
2025-06-11 2025-06-23 0.3 CVE-2025-4227
GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
None on Linux, Android, iOS, Chrome OS, UWP ¹
< 6.3.3-c650 on Windows, macOS
< 6.2.8-h2 [6.2.8-c243] on Windows, macOS
All on Windows, macOS
All on Windows, macOS
All on Linux, Android, iOS, Chrome OS, UWP ¹
>= 6.3.3-c650 on Windows, macOS
>= 6.2.8-h2 [6.2.8-c243] on Windows, macOS
None on Windows, macOS
None on Windows, macOS
2025-06-11 2025-06-13 1.9 CVE-2025-0135
GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on Android, None on Chrome OS, None on iOS, None on Windows, None on Linux
< 6.3.3 on macOS
< 6.2.8 on macOS
All on macOS
All on macOS
None
All on Android, All on Chrome OS, All on iOS, All on Windows, All on Linux
>= 6.3.3 on macOS
>= 6.2.8 on macOS
None on macOS
None on macOS
All
2025-05-14 2025-06-06 4 CVE-2025-0120
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on macOS, None on Linux, None on iOS, None on Android, None on Chrome OS
< 6.3.3 on Windows
< 6.2.7-1077 on Windows, < 6.2.8 on Windows
All on Windows
< 6.0.12 on Windows
None
All on macOS, All on Linux, All on iOS, All on Android, All on Chrome OS
>= 6.3.3 on Windows
>= 6.2.7-1077 on Windows, >= 6.2.8 on Windows
None on Windows
>= 6.0.12 on Windows (ETA: May 2025)
All
2025-04-09 2025-05-02 2.2 CVE-2025-0118
GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on macOS, Linux, iOS, Android, Chrome OS
< 6.3.3 on Windows
< 6.2.5 on Windows
< 6.1.6 on Windows
< 6.0.11 on Windows
None
All on macOS, Linux, iOS, Android, Chrome OS
>= 6.3.3 on Windows
>= 6.2.5 on Windows
>= 6.1.6 on Windows
>= 6.0.11 on Windows
All
2025-03-12 2025-03-12 4.3 CVE-2025-0117
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on iOS, None on Android, None on Chrome OS, None on macOS
< 6.3.3 on Windows
< 6.2.6 on Windows
All on Windows
All on Windows
None
All on iOS, All on Android, All on Chrome OS, All on macOS
>= 6.3.3 on Windows*
>= 6.2.6 on Windows*
None on Windows
None on Windows (Fix version ETA: May 2025)
All
2025-03-12 2025-05-01 5.6 CVE-2024-5921
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.2* on Windows, < 6.3.2* on macOS
< 6.2.6* on Windows, < 6.2.6-c857* on macOS, < 6.2.1-c31* on Linux, < 6.2.6* on Windows UWP
All on Windows, All on macOS, All on Linux, < 6.1.6* on Android, < 6.1.7* on iOS
None on FIPS-CC mode
None on FIPS-CC mode
>= 6.3.2* on Windows, >= 6.3.2* on macOS
>= 6.2.6* on Windows, >= 6.2.6-c857* on macOS, >= 6.2.1-c31* on Linux, >= 6.2.6* on Windows UWP (ETA: end of June)
None on Windows, None on macOS, None on Linux, >= 6.1.6* on Android, >= 6.1.7* on iOS
All on FIPS-CC mode
All on FIPS-CC mode
2024-11-26 2025-05-02 5.2 CVE-2024-9473
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1-c383 on Windows
< 6.2.5 on Windows
< 6.1.4-c720 on Windows, = 6.1.5 on Windows
< 6.0.10-c823 on Windows
All on Windows
>= 6.3.1-c383 on Windows
>= 6.2.5 on Windows
>= 6.1.4-c720 on Windows
>= 6.0.10-c823 on Windows
None on Windows
2024-10-09 2024-10-24 i CVE-2024-47076
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products Cloud NGFW
Cortex XDR
Cortex XDR Agent
Cortex XSIAM
Cortex XSOAR
GlobalProtect App
PAN-OS
Prisma Access
Prisma Access Browser
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN
None
None
None
None
None
None
None
None
None
None
None
None
All
All
All
All
All
All
All
All
All
All
All
All
2024-09-26 2024-09-26 6.9 CVE-2024-8687
PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes Cloud NGFW
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 6.2.1
< 6.1.2
< 6.0.7
< 5.2.13
< 5.1.12
None
None
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
< 10.2.9 on PAN-OS
All
All
>= 6.2.1
>= 6.1.2
>= 6.0.7
>= 5.2.13
>= 5.1.12
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
>= 10.2.9 on PAN-OS
2024-09-11 2024-09-11 5.2 CVE-2024-5915
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1 on Windows
< 6.2.4 on Windows
< 6.1.5 on Windows
< 6.0.10-c826 on Windows
< 5.1.x on Windows
>= 6.3.1 on Windows
>= 6.2.4 on Windows
>= 6.1.5 on Windows
>= 6.0.10-c826 on Windows
>= 5.1.x (ETA: December 2024) on Windows
2024-08-14 2024-11-06 5.5 CVE-2024-5908
GlobalProtect App: Encrypted Credential Exposure via Log Files GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.2.3 on Windows and macOS, None on Linux
< 6.1.3 on Windows and macOS, None on Android and iOS, < 6.1.3 on Linux
< 6.0.8 on Windows and macOS, All on Linux
< 5.1.12 on Windows and macOS, All on Linux
>= 6.2.3 on Windows and macOS, All on Linux
>= 6.1.3 on Windows and macOS, All on Android and iOS, >= 6.1.3 on Linux
>= 6.0.8 on Windows and macOS, None on Linux
>= 5.1.12 on Windows and macOS, None on Linux
2024-06-12 2024-08-14 2.1 CVE-2024-3661
Impact of TunnelVision Vulnerability Cloud NGFW
GlobalProtect App
PAN-OS
Prisma Access
None
All without Endpoint Traffic Policy Enforcement set to All Traffic on Windows, All without Endpoint Traffic Policy Enforcement set to All Traffic on macOS, All on Linux, All without IncludeAllNetworks set to 1 on iOS, None on Android
None
None
All
All with Endpoint Traffic Policy Enforcement set to All Traffic on Windows, All with Endpoint Traffic Policy Enforcement set to All Traffic on macOS, Upcoming major release on Linux, All with IncludeAllNetworks set to 1 on iOS, All on Android
All
All
2024-05-16 2024-05-16 i CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) 2024-04-01 2024-04-01 5.7 CVE-2024-2431
GlobalProtect App: Local User Can Disable GlobalProtect GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 6.1.1
< 6.0.4
< 5.2.13
< 5.1.12
All
>= 6.1.1
>= 6.0.4
>= 5.2.13
>= 5.1.12
2024-03-13 2024-03-13 5.2 CVE-2024-2432
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.2.1 on Windows
< 6.1.2 on Windows
< 6.0.8 on Windows
< 5.1.12 on Windows
>= 6.2.1 on Windows
>= 6.1.2 on Windows
>= 6.0.8 on Windows
>= 5.1.12 on Windows
2024-03-13 2024-03-18 0 CVE-2023-44487
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) 2023-10-11 2023-10-25 i PAN-SA-2023-0003
Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) 2023-06-16 2023-06-20 7.8 CVE-2023-0009
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 6.1.1 on Windows
< 6.0.5 on Windows
< 5.2.13 on Windows
< 5.1.12 on Windows
All
>= 6.1.1
>= 6.0.5
>= 5.2.13
>= 5.1.12
2023-06-14 2024-04-10 6.3 CVE-2023-0006
GlobalProtect App: Local File Deletion Vulnerability GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
< 6.1.1 on Windows
< 6.0.4 on Windows
< 5.2.13 on Windows
< 5.1.12 on Windows
>= 6.1.1 on Windows
>= 6.0.4 on Windows
>= 5.2.13 on Windows
>= 5.1.12 on Windows
2023-04-12 2024-04-10 0 PAN-SA-2023-0001
Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 2023-02-08 2023-02-08 0 PAN-SA-2022-0007
Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 2022-12-23 2022-12-23 0 CVE-2022-42889
Impact of Apache Text Commons Vulnerability CVE-2022-42889 2022-11-09 2022-11-09
