FKIE_CVE-2025-0120

Vulnerability from fkie_nvd - Published: 2025-04-11 02:15 - Updated: 2025-06-27 16:51
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
References
psirt@paloaltonetworks.comhttps://security.paloaltonetworks.com/CVE-2025-0120Vendor Advisory
Impacted products
Vendor Product Version
paloaltonetworks globalprotect *
paloaltonetworks globalprotect *
paloaltonetworks globalprotect *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B6E8BBD7-AE9C-4708-BCE5-805250956365",
              "versionEndExcluding": "6.0.12",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "5C174DAD-5FAC-4815-B1D6-34E18903EA0D",
              "versionEndExcluding": "6.2.7-1077",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "3A842EBF-EA01-4D05-96C5-7F2061951423",
              "versionEndExcluding": "6.3.3",
              "versionStartIncluding": "6.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit."
    },
    {
      "lang": "es",
      "value": " Una vulnerabilidad con un mecanismo de administraci\u00f3n de privilegios en la aplicaci\u00f3n Palo Alto Networks GlobalProtect\u2122 en dispositivos Windows permite que un usuario de Windows no administrativo autenticado localmente escale sus privilegios a NT AUTHORITY\\SYSTEM. Sin embargo, la ejecuci\u00f3n requiere que el usuario local tambi\u00e9n pueda explotar con \u00e9xito una condici\u00f3n de ejecuci\u00f3n, lo que hace que esta vulnerabilidad sea dif\u00edcil de explotar."
    }
  ],
  "id": "CVE-2025-0120",
  "lastModified": "2025-06-27T16:51:19.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "CONCENTRATED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-11T02:15:18.197",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2025-0120"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.