csaf_certbund - wid-sec-w-2025-1063

WID-SEC-W-2025-1063

Vulnerability from csaf_certbund - Published: 2025-05-14 22:00 - Updated: 2025-05-14 22:00

Summary

PaloAlto Networks GlobalProtect: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

GlobalProtect von PaloAlto ist eine Sicherheitsplattform.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in PaloAlto Networks GlobalProtect ausnutzen, um seine Privilegien zu erhöhen, und um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GlobalProtect von PaloAlto ist eine Sicherheitsplattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in PaloAlto Networks GlobalProtect ausnutzen, um seine Privilegien zu erh\u00f6hen, und um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1063 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1063.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1063 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1063"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2025-05-14",
        "url": "https://security.paloaltonetworks.com/CVE-2025-0131"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2025-05-14",
        "url": "https://security.paloaltonetworks.com/CVE-2025-0135"
      }
    ],
    "source_lang": "en-US",
    "title": "PaloAlto Networks GlobalProtect: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-14T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-15T11:04:17.779+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1063",
      "initial_release_date": "2025-05-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.3.3",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.3.3",
                  "product_id": "T043822"
                }
              },
              {
                "category": "product_version",
                "name": "6.3.3",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.3.3",
                  "product_id": "T043822-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.3.3::macos"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.2.8",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.2.8",
                  "product_id": "T043823"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.8",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.2.8",
                  "product_id": "T043823-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.2.8::macos"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "MetaDefender Endpoint Security SDK \u003c4.3.4451",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect MetaDefender Endpoint Security SDK \u003c4.3.4451",
                  "product_id": "T043824"
                }
              },
              {
                "category": "product_version",
                "name": "MetaDefender Endpoint Security SDK 4.3.4451",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect MetaDefender Endpoint Security SDK 4.3.4451",
                  "product_id": "T043824-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:metadefender_endpoint_security_sdk__4.3.4451::windows"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GlobalProtect"
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0131",
      "product_status": {
        "known_affected": [
          "T043824"
        ]
      },
      "release_date": "2025-05-14T22:00:00.000+00:00",
      "title": "CVE-2025-0131"
    },
    {
      "cve": "CVE-2025-0135",
      "product_status": {
        "known_affected": [
          "T043822",
          "T043823"
        ]
      },
      "release_date": "2025-05-14T22:00:00.000+00:00",
      "title": "CVE-2025-0135"
    }
  ]
}

CVE-2025-0135 (GCVE-0-2025-0135)

Vulnerability from cvelistv5 – Published: 2025-05-14 18:08 – Updated: 2025-05-14 20:50

Summary

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Severity ?

5.2 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

CWE

CWE-266 - Incorrect Privilege Assignment

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2025-0135

vendor-advisory

Impacted products

Vendor

Product

Version

Palo Alto Networks

GlobalProtect App

Affected: 6.3.0 , < 6.3.3 (custom)
Affected: 6.2.0 , < 6.2.8 (custom)
Affected: 6.1.0 (custom)
Affected: 6.0.0 (custom)
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*

	Palo Alto Networks	GlobalProtect App	Unaffected: All (custom) cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-::::::
	Palo Alto Networks	GlobalProtect UWP App	Unaffected: All (custom)

Credits

Alex Bourla (alex.bourla@form3.tech) Graham Brereton (graham.brereton@form3.tech)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T20:50:14.792647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T20:50:20.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "Chrome OS",
            "iOS",
            "Windows",
            "Linux"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GlobalProtect UWP App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is required to be vulnerable to this issue."
            }
          ],
          "value": "No special configuration is required to be vulnerable to this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alex Bourla (alex.bourla@form3.tech)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Graham Brereton (graham.brereton@form3.tech)"
        }
      ],
      "datePublic": "2025-05-14T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect\u2122 App on macOS devices enables a locally authenticated non administrative user to disable the app.\u003cbr\u003e\u003cbr\u003eThe GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected."
            }
          ],
          "value": "An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect\u2122 App on macOS devices enables a locally authenticated non administrative user to disable the app.\n\nThe GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-14T18:08:32.924Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0135"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8 or later or 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8 or later or 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Linux\u003c/td\u003e\u003ctd\u003eNot Applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Windows\u003c/td\u003e\u003ctd\u003eNot Applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003eNot Applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Android\u003c/td\u003e\u003ctd\u003eNot Applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect UWP App\u003c/td\u003e\u003ctd\u003eNot Applicable\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Version\nSuggested Solution\nGlobalProtect App 6.3 on macOS\nUpgrade to 6.3.3 or later\nGlobalProtect App 6.2 on macOS\nUpgrade to 6.2.8 or later\nGlobalProtect App 6.1 on macOS\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App 6.0 on macOS\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App on LinuxNot ApplicableGlobalProtect App on WindowsNot ApplicableGlobalProtect App on iOSNot ApplicableGlobalProtect App on AndroidNot ApplicableGlobalProtect UWP AppNot Applicable"
        }
      ],
      "source": {
        "defect": [
          "GPC-21582"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-14T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No workaround or mitigation is available."
            }
          ],
          "value": "No workaround or mitigation is available."
        }
      ],
      "x_affectedList": [
        "GlobalProtect App 6.3.2",
        "GlobalProtect App 6.3.1",
        "GlobalProtect App 6.3.0",
        "GlobalProtect App 6.3",
        "GlobalProtect App 6.2.4",
        "GlobalProtect App 6.2.3",
        "GlobalProtect App 6.2.2",
        "GlobalProtect App 6.2.1",
        "GlobalProtect App 6.2.0",
        "GlobalProtect App 6.2"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0135",
    "datePublished": "2025-05-14T18:08:32.924Z",
    "dateReserved": "2024-12-20T23:24:28.176Z",
    "dateUpdated": "2025-05-14T20:50:20.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0131 (GCVE-0-2025-0131)

Vulnerability from cvelistv5 – Published: 2025-05-14 18:06 – Updated: 2025-05-21 21:11

Summary

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber

CWE

CWE-266 - Incorrect Privilege Assignment

Assigner

palo_alto

References

URL

Tags

	https://security.paloaltonetworks.com/CVE-2025-0131	third-party-advisory
	https://www.opswat.com/docs/mdsdk/release-notes/c…	vendor-advisory

Impacted products

	Vendor	Product	Version
	OPSWAT	MetaDefender Endpoint Security SDK	Affected: 4.3.0 , < 4.3.4451 (custom)

Credits

Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-17T03:56:03.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "MetaDefender Endpoint Security SDK",
          "vendor": "OPSWAT",
          "versions": [
            {
              "changes": [
                {
                  "at": "4.3.4451",
                  "status": "unaffected"
                }
              ],
              "lessThan": "4.3.4451",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:opswat:metadefender_endpoint_security_sdk:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "4.3.4451",
                  "versionStartIncluding": "4.3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK."
        }
      ],
      "datePublic": "2025-05-14T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."
            }
          ],
          "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T21:11:37.004Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0131"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):\u003cbr\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Windows\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8 or later or 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8 or later or 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on macOS\u003c/td\u003e\u003ctd\u003eNot applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Linux\u003c/td\u003e\u003ctd\u003eNot applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003eNot applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Android\u003c/td\u003e\u003ctd\u003eNot applicable\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect UWP App\u003c/td\u003e\u003ctd\u003eNot applicable\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):\nVersion\nSuggested Solution\nGlobalProtect App 6.3 on WindowsUpgrade to 6.3.3 or laterGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.8 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App on macOSNot applicableGlobalProtect App on LinuxNot applicableGlobalProtect App on iOSNot applicableGlobalProtect App on AndroidNot applicableGlobalProtect UWP AppNot applicable"
        }
      ],
      "source": {
        "defect": [
          "GPC-21984"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-14T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known workarounds or mitigations exist for this issue."
            }
          ],
          "value": "No known workarounds or mitigations exist for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0131",
    "datePublished": "2025-05-14T18:06:45.870Z",
    "dateReserved": "2024-12-20T23:23:31.911Z",
    "dateUpdated": "2025-05-21T21:11:37.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1063

CVE-2025-0135 (GCVE-0-2025-0135)

CVE-2025-0131 (GCVE-0-2025-0131)

Tags

Sightings

Nomenclature