CVSS Summary Versions Affected Unaffected Published Updated 2.2 CVE-2025-0118
GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on macOS, Linux, iOS, Android, Chrome OS
< 6.3.3 on Windows
< 6.2.5 on Windows
< 6.1.6 on Windows
< 6.0.11 on Windows
None
All on macOS, Linux, iOS, Android, Chrome OS
>= 6.3.3 on Windows
>= 6.2.5 on Windows
>= 6.1.6 on Windows
>= 6.0.11 on Windows
All
2025-03-12 2025-03-12 4.3 CVE-2025-0117
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on iOS, None on Android, None on Chrome OS, None on macOS
< 6.3.3 on Windows
< 6.2.6 on Windows
All on Windows
All on Windows
None
All on iOS, All on Android, All on Chrome OS, All on macOS
>= 6.3.3 on Windows (ETA: April 2025)*
>= 6.2.6 on Windows*
None on Windows
None on Windows
All
2025-03-12 2025-03-13 5.6 CVE-2024-5921
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.2* on Windows, < 6.3.2* on macOS
< 6.2.6* on Windows, < 6.2.6-c857* on macOS, < 6.2.1-c31* on Linux, < 6.2.6* on Windows UWP
All on Windows, All on macOS, All on Linux, < 6.1.6* on Android, < 6.1.7* on iOS
None on FIPS-CC mode
None on FIPS-CC mode
>= 6.3.2* on Windows, >= 6.3.2* on macOS
>= 6.2.6* on Windows, >= 6.2.6-c857* on macOS, >= 6.2.1-c31* on Linux, >= 6.2.6* on Windows UWP (ETA: end of Feb)
None on Windows, None on macOS, None on Linux, >= 6.1.6* on Android, >= 6.1.7* on iOS
All on FIPS-CC mode
All on FIPS-CC mode
2024-11-26 2025-03-06 5.2 CVE-2024-9473
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1-c383 on Windows
< 6.2.5 on Windows
< 6.1.4-c720 on Windows, = 6.1.5 on Windows
< 6.0.10-c823 on Windows
All on Windows
>= 6.3.1-c383 on Windows
>= 6.2.5 on Windows
>= 6.1.4-c720 on Windows
>= 6.0.10-c823 on Windows
None on Windows
2024-10-09 2024-10-24 i CVE-2024-47076
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products Cloud NGFW
Cortex XDR
Cortex XDR Agent
Cortex XSIAM
Cortex XSOAR
GlobalProtect App
PAN-OS
Prisma Access
Prisma Access Browser
Prisma Cloud
Prisma Cloud Compute
Prisma SD-WAN
None
None
None
None
None
None
None
None
None
None
None
None
All
All
All
All
All
All
All
All
All
All
All
All
2024-09-26 2024-09-26 6.9 CVE-2024-8687
PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes Cloud NGFW
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access
None
None
< 6.2.1
< 6.1.2
< 6.0.7
< 5.2.13
< 5.1.12
None
None
< 11.0.1
< 10.2.4
< 10.1.9
< 10.0.12
< 9.1.16
< 9.0.17
< 8.1.25
< 10.2.9 on PAN-OS
All
All
>= 6.2.1
>= 6.1.2
>= 6.0.7
>= 5.2.13
>= 5.1.12
All
All
>= 11.0.1
>= 10.2.4
>= 10.1.9
>= 10.0.12
>= 9.1.16
>= 9.0.17
>= 8.1.25
>= 10.2.9 on PAN-OS
2024-09-11 2024-09-11 5.2 CVE-2024-5915
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.3.1 on Windows
< 6.2.4 on Windows
< 6.1.5 on Windows
< 6.0.10-c826 on Windows
< 5.1.x on Windows
>= 6.3.1 on Windows
>= 6.2.4 on Windows
>= 6.1.5 on Windows
>= 6.0.10-c826 on Windows
>= 5.1.x (ETA: December 2024) on Windows
2024-08-14 2024-11-06 5.5 CVE-2024-5908
GlobalProtect App: Encrypted Credential Exposure via Log Files GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.2.3 on Windows and macOS, None on Linux
< 6.1.3 on Windows and macOS, None on Android and iOS, < 6.1.3 on Linux
< 6.0.8 on Windows and macOS, All on Linux
< 5.1.12 on Windows and macOS, All on Linux
>= 6.2.3 on Windows and macOS, All on Linux
>= 6.1.3 on Windows and macOS, All on Android and iOS, >= 6.1.3 on Linux
>= 6.0.8 on Windows and macOS, None on Linux
>= 5.1.12 on Windows and macOS, None on Linux
2024-06-12 2024-08-14 2.1 CVE-2024-3661
Impact of TunnelVision Vulnerability Cloud NGFW
GlobalProtect App
PAN-OS
Prisma Access
None
All without Endpoint Traffic Policy Enforcement set to All Traffic on Windows, All without Endpoint Traffic Policy Enforcement set to All Traffic on macOS, All on Linux, All without IncludeAllNetworks set to 1 on iOS, None on Android
None
None
All
All with Endpoint Traffic Policy Enforcement set to All Traffic on Windows, All with Endpoint Traffic Policy Enforcement set to All Traffic on macOS, Upcoming major release on Linux, All with IncludeAllNetworks set to 1 on iOS, All on Android
All
All
2024-05-16 2024-05-16 i CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) 2024-04-01 2024-04-01 5.7 CVE-2024-2431
GlobalProtect App: Local User Can Disable GlobalProtect GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 6.1.1
< 6.0.4
< 5.2.13
< 5.1.12
All
>= 6.1.1
>= 6.0.4
>= 5.2.13
>= 5.1.12
2024-03-13 2024-03-13 5.2 CVE-2024-2432
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.1
< 6.2.1 on Windows
< 6.1.2 on Windows
< 6.0.8 on Windows
< 5.1.12 on Windows
>= 6.2.1 on Windows
>= 6.1.2 on Windows
>= 6.0.8 on Windows
>= 5.1.12 on Windows
2024-03-13 2024-03-18 0 CVE-2023-44487
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) 2023-10-11 2023-10-25 i PAN-SA-2023-0003
Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) 2023-06-16 2023-06-20 7.8 CVE-2023-0009
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 6.1.1 on Windows
< 6.0.5 on Windows
< 5.2.13 on Windows
< 5.1.12 on Windows
All
>= 6.1.1
>= 6.0.5
>= 5.2.13
>= 5.1.12
2023-06-14 2024-04-10 6.3 CVE-2023-0006
GlobalProtect App: Local File Deletion Vulnerability GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect App 5.2
GlobalProtect App 5.1
< 6.1.1 on Windows
< 6.0.4 on Windows
< 5.2.13 on Windows
< 5.1.12 on Windows
>= 6.1.1 on Windows
>= 6.0.4 on Windows
>= 5.2.13 on Windows
>= 5.1.12 on Windows
2023-04-12 2024-04-10 0 PAN-SA-2023-0001
Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 2023-02-08 2023-02-08 0 PAN-SA-2022-0007
Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 2022-12-23 2022-12-23 0 CVE-2022-42889
Impact of Apache Text Commons Vulnerability CVE-2022-42889 2022-11-09 2022-11-09 0 PAN-SA-2022-0006
Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 2022-10-31 2022-11-09 7.5 CVE-2022-0778
Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 Cortex XDR Agent 7.7
Cortex XDR Agent 7.6
Cortex XDR Agent 7.5-CE
Cortex XDR Agent 7.5
Cortex XDR Agent 7.4
Cortex XDR Agent 6.1
Cortex XSOAR
GlobalProtect App 6.0
GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
PAN-OS 10.2
PAN-OS 10.1
PAN-OS 10.0
PAN-OS 9.1
PAN-OS 9.0
PAN-OS 8.1
Prisma Access 3.1
Prisma Access 3.0
Prisma Access 2.2
Prisma Access 2.1
Prisma Cloud
< 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux
< 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux
< 7.5.100.60642 on Windows, < 7.5.100.2276 on macOS, < 7.5.100.59687 on Linux
< 7.5.3.60113 on Windows, < 7.5.3.2265 on macOS, < 7.5.3.59465 on Linux
7.4.*
< 6.1.9.61370 on Windows, < 6.1.7.1690 on macOS, < 6.1.7.60245 on Linux
None
< 6.0.1 on Windows and macOS, < 6.0.2 on Android and iOS
< 5.3.4
< 5.2.12
< 5.1.11
< 10.2.1
< 10.1.5-h1
< 10.0.10
< 9.1.13-h3
< 9.0.16-h2
< 8.1.23
Preferred, Innovation
Preferred, Innovation
Preferred
Preferred, Innovation
None
>= 7.7.0.60725 on Windows, >= 7.7.0.2356 on macOS, >= 7.7.0.59559 on Linux
>= 7.6.2.60545 on Windows, >= 7.6.2.2311 on macOS, >= 7.6.2.59612 on Linux
>= 7.5.100.60642 on Windows, >= 7.5.100.2276 on macOS, >= 7.5.100.59687 on Linux
>= 7.5.3.60113 on Windows, >= 7.5.3.2265 on macOS, >= 7.5.3.59465 on Linux
None
>= 6.1.9.61370 on Windows, >= 6.1.7.1690 on macOS, >= 6.1.7.60245 on Linux
All
>= 6.0.1 on Windows and macOS, >= 6.0.2 on Android and iOS
>= 5.3.4
>= 5.2.12
>= 5.1.11
>= 10.2.1
>= 10.1.5-h1
>= 10.0.10
>= 9.1.13-h3
>= 9.0.16-h2
>= 8.1.23
None
None
None
None
All
2022-03-31 2022-06-24 i CVE-2022-22963
Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 2022-03-31 2022-04-25 6.1 CVE-2022-0018
GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 5.2.9 on Windows and MacOS
< 5.1.10 on Windows and MacOS
5.3.*
>= 5.2.9 on Windows and MacOS
>= 5.1.10 on Windows and MacOS
2022-02-09 2022-02-09 7 CVE-2022-0017
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 5.2.5 on Windows
< 5.1.10 on Windows
5.3.*
>= 5.2.5 on Windows
>= 5.1.10 on Windows
2022-02-09 2022-02-09 3.3 CVE-2022-0021
GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon GlobalProtect App 5.3
GlobalProtect App 5.2
GlobalProtect App 5.1
None
< 5.2.9 on Windows
None
5.3.*
>= 5.2.9 on Windows
5.1.*
2022-02-09 2022-02-09