Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect App for Windows
CVE-2025-0120

7.1HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App; Globalprotect UWP App
Vendor: CVE Published:; 11 April 2025

Badges

👾 Exploit Exists

Summary

A privilege management flaw in Palo Alto Networks GlobalProtect app on Windows systems allows authenticated non-administrative users to escalate their privileges to NT AUTHORITY\SYSTEM. Although exploitation of this vulnerability requires the attacker to successfully carry out a race condition, it poses significant risks if leveraged. Users should ensure their systems are updated and patched as per vendor advisories to mitigate this threat.

Affected Version(s)

GlobalProtect App Windows 6.3.0 < 6.3.3

GlobalProtect App Windows 6.2.0 < 6.2.8

GlobalProtect App Windows 6.1.0

References

https://security.paloaltonetworks.com/CVE-2025-0120

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 11, 2025
Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Maxime ESCOURBIAC, Michelin CERT

Yassine BENGANA, Abicom for Michelin CERT