Palo Alto Networks Security Advisories / CVE-2025-0139

CVE-2025-0139 Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability

Urgency MODERATE

047910
Severity 2.4 · LOW
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity LOW
Product Availability NONE
Privileges Required LOW
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.

Product Status

VersionsAffectedUnaffected
Autonomous Digital Experience Manager 5.6.0< 5.6.7 on macOS>= 5.6.7 on macOS

Required Configuration for Exposure

No special configuration is required to be vulnerable to this issue.

Severity: LOW, Suggested Urgency: MODERATE

CVSS-BT: 2.4 / CVSS-B: 6.3 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-266 Incorrect Privilege Assignment

CAPEC-233 Privilege Escalation

Solution

Version
Minor Version
Suggested Solution
Autonomous Digital Experience Manager 5.6 on macOS
5.6.0 through 5.6.6 Upgrade to 5.6.7 or later.

Workarounds and Mitigations

There are no known workarounds or mitigations for this issue.

Acknowledgments

Palo Alto Networks thanks NVIDIA PSIRT for discovering and reporting this issue.

CPE Applicability

Timeline

Initial Publication
© 2025 Palo Alto Networks, Inc. All rights reserved.