Palo Alto Networks Security Advisories / CVE-2025-0131

CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

Urgency MODERATE

Severity 4 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort N/A
Recovery USER
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity HIGH
Product Availability NONE
Privileges Required LOW
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Product Status

| Versions | Affected | Unaffected |
| --- | --- | --- |
| MetaDefender Endpoint Security SDK 4.3.0 | < 4.3.4451 on Windows | >= 4.3.4451 on Windows |

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 4.0 / CVSS-B: 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-266: Incorrect Privilege Assignment

CAPEC-233 Privilege Escalation

Solution

This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows, update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):

| Version | Suggested Solution |
| --- | --- |
| GlobalProtect App 6.3 on Windows | Upgrade to 6.3.3 or later |
| GlobalProtect App 6.2 on Windows | Upgrade to 6.2.8 or later |
| GlobalProtect App 6.1 on Windows | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App 6.0 on Windows | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App on macOS | Not applicable |
| GlobalProtect App on Linux | Not applicable |
| GlobalProtect App on iOS | Not applicable |
| GlobalProtect App on Android | Not applicable |
| GlobalProtect UWP App | Not applicable |
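
The Solution table above, expressed as a triage check over a software inventory. This is an added example, not code from Palo Alto Networks or OPSWAT. The hostnames, build suffixes and inventory rows are constructed, and branches other than 6.0 through 6.3 are reported as not listed rather than guessed.

```python
import re

# Per-branch fixed releases from the advisory's Solution table (GlobalProtect
# App on Windows). None = the advisory lists no fixed release in that branch.
FIXED_IN_BRANCH = {(6, 3): (6, 3, 3), (6, 2): (6, 2, 8), (6, 1): None, (6, 0): None}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '6.2.8-223' or '6.3.3'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(os_name, version_text):
    """Classify one GlobalProtect App install against the advisory's table."""
    if os_name.strip().lower() != "windows":
        return "not applicable"  # macOS, Linux, iOS, Android rows
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown version"  # surface bad inventory data, do not skip it
    branch = version[:2]
    if branch not in FIXED_IN_BRANCH:
        return "not listed in advisory"  # assumption: no verdict for other branches
    fixed = FIXED_IN_BRANCH[branch]
    if fixed is None:
        return "upgrade to 6.2.8+ or 6.3.3+"
    if version >= fixed:  # tuple comparison, so 6.2.10 sorts after 6.2.8
        return "fixed"
    return "upgrade to " + ".".join(map(str, fixed)) + " or later"


# Constructed inventory rows: (hostname, OS, reported GlobalProtect App version).
INVENTORY = [
    ("wks-001", "Windows", "6.3.2-525"),
    ("wks-002", "Windows", "6.2.10"),
    ("wks-003", "Windows", "6.1.5"),
    ("mac-001", "macOS", "6.2.1"),
]


def report(rows):
    """Map each hostname to its triage result."""
    return {host: triage(os_name, ver) for host, os_name, ver in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```
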

Workarounds and Mitigations

No known workarounds or mitigations exist for this issue.

Acknowledgments

Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK.

Timeline

Initial Publication
© 2025 Palo Alto Networks, Inc. All rights reserved.