
CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Urgency: MODERATE

Severity: 4 · MEDIUM
Exploit Maturity: UNREPORTED
Response Effort: MODERATE
Recovery: USER
Value Density: CONCENTRATED
Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: PRESENT
Automatable: NO
User Interaction: NONE
Product Confidentiality: NONE
Product Integrity: HIGH
Product Availability: NONE
Privileges Required: LOW
Subsequent Confidentiality: HIGH
Subsequent Integrity: HIGH
Subsequent Availability: HIGH

Description

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Product Status

| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App | None on macOS; None on Linux; None on iOS; None on Android; None on Chrome OS | All on macOS; All on Linux; All on iOS; All on Android; All on Chrome OS |
| GlobalProtect App 6.3 | < 6.3.3 on Windows | >= 6.3.3 on Windows (ETA: End of April 2025) |
| GlobalProtect App 6.2 | < 6.2.7-h3 on Windows; < 6.2.8 on Windows | >= 6.2.7-h3 on Windows; >= 6.2.8 on Windows |
| GlobalProtect App 6.1 | All on Windows | None on Windows |
| GlobalProtect App 6.0 | All on Windows | None on Windows |
| GlobalProtect UWP App | None | All |

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY\SYSTEM.
MEDIUM - CVSS-BT: 4.0 / CVSS-B: 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-250 Execution with Unnecessary Privileges

CAPEC-233 Privilege Escalation

Solution

| Version | Suggested Solution |
|---|---|
| GlobalProtect App 6.3 on Windows | Upgrade to 6.3.3 or later |
| GlobalProtect App 6.2 on Windows | Upgrade to 6.2.7-h3 or 6.2.8 or later |
| GlobalProtect App 6.1 on Windows | Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later |
| GlobalProtect App 6.0 on Windows | Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later |
| GlobalProtect App on macOS | No action needed |
| GlobalProtect App on Linux | No action needed |
| GlobalProtect App on iOS | No action needed |
| GlobalProtect App on Android | No action needed |
| GlobalProtect UWP App | No action needed |
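
A fleet-inventory check built from the Product Status and Solution tables above, as an added example that is not Palo Alto Networks code. It covers the GlobalProtect App (not the UWP app) and assumes version strings in the advisory's notation, such as 6.2.7-h3; the function names, host names and inventory rows are constructed for illustration.

```python
import re

# Earliest fixed Windows version per release train, from the advisory tables,
# as (major, minor, patch, hotfix). None: no fix in that train, so every
# build is affected and the fix is a move to 6.2.8+ or 6.3.3+.
FIXED_IN = {(6, 3): (6, 3, 3, 0), (6, 2): (6, 2, 7, 3), (6, 1): None, (6, 0): None}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")

def parse_version(text):
    """'6.2.7-h3' -> (6, 2, 7, 3); a missing hotfix suffix counts as h0."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version, platform="Windows"):
    """Return 'affected', 'unaffected' or 'not listed' for one install."""
    if platform.lower() != "windows":
        return "unaffected"          # advisory: no non-Windows build is affected
    parsed = parse_version(version)
    train = parsed[:2]
    if train not in FIXED_IN:
        return "not listed"          # release train absent from the advisory
    floor = FIXED_IN[train]
    if floor is None or parsed < floor:
        return "affected"
    return "unaffected"

def affected_hosts(inventory):
    """Names of hosts whose (platform, version) pair is affected."""
    return [host for host, platform, version in inventory
            if classify(version, platform) == "affected"]

# Constructed sample inventory: (host, platform, GlobalProtect app version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "6.2.7"),
    ("ws-002", "Windows", "6.2.7-h3"),
    ("ws-003", "Windows", "6.3.2"),
    ("ws-004", "Windows", "6.1.5"),
    ("mac-001", "macOS", "6.2.6"),
    ("ws-005", "Windows", "6.3.3"),
]

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```

Because the hotfix number is compared as a fourth version component, 6.2.7 and 6.2.7-h2 sort below the 6.2.7-h3 floor while 6.2.8 sorts above it, matching both rows the advisory gives for the 6.2 train.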

Workarounds and Mitigations

No workaround or mitigation is available.

Acknowledgments

Palo Alto Networks thanks Maxime ESCOURBIAC, Michelin CERT and Yassine BENGANA, Abicom for Michelin CERT for discovering and reporting the issue.

CPEs

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.7:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.6:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*


Timeline

Updated fix availability for 6.3.3
Initial Publication
© 2025 Palo Alto Networks, Inc. All rights reserved.