Improper Access Control in Palo Alto Networks GlobalProtect App
CVE-2025-4227

1 LOW

Key Information:

Vendor
CVE Published: 13 June 2025

Badges

👾 Exploit Exists

What is CVE-2025-4227?

An improper access control vulnerability exists in the Palo Alto Networks GlobalProtect app's Endpoint Traffic Policy Enforcement feature. This flaw may allow specific packets to bypass encryption, potentially exposing sensitive data. Attackers with physical access to the network could exploit this vulnerability by injecting rogue devices to capture these unencrypted packets. Although the GlobalProtect app can recover automatically from this situation within one minute, the risk of data interception remains a security concern.

Affected Version(s)

GlobalProtect App Windows 6.3.0 < 6.3.2-566

GlobalProtect App Windows 6.2.0 < 6.2.8-h2

GlobalProtect App Windows 6.1.0

CVSS V4

Score: 1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tan Cheng Ghee of OCBC Bank