Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect App for Windows
CVE-2025-0131

7.1 HIGH

Key Information:

Vendor: Opswat
CVE Published: 14 May 2025

Badges

👾 Exploit Exists

What is CVE-2025-0131?

A privilege management vulnerability exists in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect app. It allows a locally authenticated non-administrative Windows user to escalate privileges to NT AUTHORITY\SYSTEM, giving potential unauthorized access to system resources. Exploitation also requires the attacker to exploit a race condition, which makes the attack harder to carry out successfully. The combination of a privilege management flaw and a race condition is a significant concern for users who rely on this application.

Affected Version(s)

MetaDefender Endpoint Security SDK Windows 4.3.0 < 4.3.4451

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi of Wacker Chemie AG for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK.