Improper Neutralization Vulnerability in Palo Alto Networks GlobalProtect™ App on macOS
CVE-2025-4232

8.5 HIGH

Key Information:

Vendor
CVE Published: 13 June 2025

Badges

👾 Exploit Exists

What is CVE-2025-4232?

An improper neutralization of wildcards vulnerability exists in the log collection feature of Palo Alto Networks GlobalProtect™ app for macOS. This flaw allows a non-administrative user to escalate their privileges to root, potentially leading to unauthorized access and control over the system. Users are advised to update their software to mitigate this risk.

Affected Version(s)

GlobalProtect App macOS 6.3 < 6.3.3

GlobalProtect App macOS 6.2.0 < 6.2.8-h2

GlobalProtect App macOS 6.1.0

References

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published
