Privilege Escalation Flaw in Palo Alto Networks Digital Experience Manager
CVE-2025-0139

6.3MEDIUM

Key Information:

Vendor

Palo Alto Networks
Status
Autonomous Digital Experience Manager
Vendor
CVE Published:
9 July 2025

Badges

👾 Exploit Exists

What is CVE-2025-0139?

A vulnerability has been identified in Palo Alto Networks Autonomous Digital Experience Manager that enables a locally authenticated user with low privileges on macOS endpoints to escalate their privileges to root. This incorrect privilege assignment flaw could be exploited by malicious actors to gain unauthorized access to sensitive system resources and perform actions with elevated permissions, significantly compromising system security.

Affected Version(s)

Autonomous Digital Experience Manager macOS 5.6.0 < 5.6.7

References

https://security.paloaltonetworks.com/CVE-2025-0139
vendor-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

NVIDIA PSIRT
JSON
.