cve-2025-0117
Vulnerability from cvelistv5
Published
2025-03-12 18:35
Modified
2025-03-13 03:55
Severity ?
EPSS score ?
Summary
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM.
GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | GlobalProtect App |
Version: 6.3.0 < 6.3.3 Version: 6.2.0 < 6.2.6 Version: 6.1.0 < 10.2.14 Version: 6.0.0 < 10.1.14-h11 cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0117", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-12T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-13T03:55:23.839Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*", ], defaultStatus: "unaffected", platforms: [ "Windows", ], product: "GlobalProtect App", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "6.3.3", status: "unaffected", }, ], lessThan: "6.3.3", status: "affected", version: "6.3.0", versionType: "custom", }, { changes: [ { at: "6.2.6", status: "unaffected", }, ], lessThan: "6.2.6", status: "affected", version: "6.2.0", versionType: "custom", }, { changes: [ { at: "10.2.14", status: "unaffected", }, { at: "10.2.13-h5", status: "unaffected", }, ], lessThan: "10.2.14", status: "affected", version: "6.1.0", versionType: "custom", }, { changes: [ { at: "10.1.14-h11", status: "unaffected", }, ], lessThan: "10.1.14-h11", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*", ], defaultStatus: "unaffected", platforms: [ "iOS", "Android", "Chrome OS", "macOS", ], product: "GlobalProtect App", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "6.3.3", status: "unaffected", }, ], lessThan: "6.3.3", status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "GlobalProtect UWP App", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No special configuration is required to be vulnerable to this issue.", }, ], value: "No special configuration is required to be vulnerable to this issue.", }, ], credits: [ { lang: "en", type: "finder", value: "Maxime ESCOURBIAC, Michelin CERT", }, { lang: "en", type: "finder", value: "Yassine BENGANA, Abicom for Michelin CERT", }, { lang: "en", type: "finder", value: "Handelsbanken AB F-Secure", }, ], datePublic: "2025-03-12T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM.<br><br>GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.", }, ], value: "A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM.\n\nGlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 7.1, baseSeverity: "HIGH", privilegesRequired: "LOW", providerUrgency: "AMBER", subAvailabilityImpact: "HIGH", subConfidentialityImpact: "HIGH", subIntegrityImpact: "HIGH", userInteraction: "PASSIVE", valueDensity: "DIFFUSE", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "MODERATE", }, format: "CVSS", scenarios: [ { lang: "en", value: "A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY\\SYSTEM.", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-807", description: "CWE-807 Reliance on Untrusted Inputs in a Security Decision", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T18:44:09.386Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/CVE-2025-0117", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "<table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows<br></td><td>Upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.6 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.6 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.6 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on Linux</td><td>No action needed</td></tr><tr><td>GlobalProtect App on iOS</td><td>No action needed</td></tr><tr><td>GlobalProtect App on Android</td><td>No action needed</td></tr><tr><td>GlobalProtect UWP App</td><td>No action needed</td></tr></tbody></table><br><p><b>Solution for new and existing GlobalProtect app installation on Windows</b></p>You can use your endpoint mobile device management (MDM) tools to apply the following changes:<br><ol><li>Install a fixed version of the GlobalProtect app.<br></li><li>Update the following registry key with the specified value (uses the REG_SZ type):<br>[HKEY_LOCAL_MACHINE\\SOFTWARE\\Palo Alto Networks\\GlobalProtect\\Settings]<br>\"check-communication\"=\"yes\"</li><li>Restart the operating system to apply this registry change.<br></li></ol><p><b>Alternate solution for new GlobalProtect app installation on Windows</b></p><p>Install the GlobalProtect app with the pre-deployment key CHECKCOMM set to \"yes\":</p><blockquote><tt>msiexec.exe /i GlobalProtect64.msi CHECKCOMM=\"yes\"</tt></blockquote><p>Note: This command adds the registry value from the previous solution instructions—no additional MSI options are needed.<br></p>", }, ], value: "Version\nSuggested Solution\nGlobalProtect App 6.3 on Windows\nUpgrade to 6.3.3 or later\nGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.6 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\nGlobalProtect App on LinuxNo action neededGlobalProtect App on iOSNo action neededGlobalProtect App on AndroidNo action neededGlobalProtect UWP AppNo action needed\nSolution for new and existing GlobalProtect app installation on Windows\n\nYou can use your endpoint mobile device management (MDM) tools to apply the following changes:\n * Install a fixed version of the GlobalProtect app.\n\n * Update the following registry key with the specified value (uses the REG_SZ type):\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Palo Alto Networks\\GlobalProtect\\Settings]\n\"check-communication\"=\"yes\"\n * Restart the operating system to apply this registry change.\n\nAlternate solution for new GlobalProtect app installation on Windows\n\nInstall the GlobalProtect app with the pre-deployment key CHECKCOMM set to \"yes\":\n\nmsiexec.exe /i GlobalProtect64.msi CHECKCOMM=\"yes\"Note: This command adds the registry value from the previous solution instructions—no additional MSI options are needed.", }, ], source: { defect: [ "GPC-19863", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2025-03-12T16:00:00.000Z", value: "Initial Publication", }, ], title: "GlobalProtect App: Local Privilege Escalation (PE) Vulnerability", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No workaround or mitigation is available.", }, ], value: "No workaround or mitigation is available.", }, ], x_affectedList: [ "GlobalProtect App 6.3.2", "GlobalProtect App 6.3.1", "GlobalProtect App 6.3.0", "GlobalProtect App 6.3", "GlobalProtect App 6.2.4", "GlobalProtect App 6.2.3", "GlobalProtect App 6.2.2", "GlobalProtect App 6.2.1", "GlobalProtect App 6.2.0", "GlobalProtect App 6.2", ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2025-0117", datePublished: "2025-03-12T18:35:35.409Z", dateReserved: "2024-12-20T23:23:18.651Z", dateUpdated: "2025-03-13T03:55:23.839Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2025-0117\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2025-03-12T19:15:37.883\",\"lastModified\":\"2025-03-12T19:15:37.883\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\\\SYSTEM.\\n\\nGlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-807\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2025-0117\",\"source\":\"psirt@paloaltonetworks.com\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0117\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-12T19:07:48.407567Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-12T19:07:55.600Z\"}}], \"cna\": {\"title\": \"GlobalProtect App: Local Privilege Escalation (PE) Vulnerability\", \"source\": {\"defect\": [\"GPC-19863\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Maxime ESCOURBIAC, Michelin CERT\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Yassine BENGANA, Abicom for Michelin CERT\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Handelsbanken AB F-Secure\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 7.1, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY\\\\SYSTEM.\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*\"], \"vendor\": \"Palo Alto Networks\", \"product\": \"GlobalProtect App\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"6.3.3\", \"status\": \"unaffected\"}], \"version\": \"6.3.0\", \"lessThan\": \"6.3.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"6.2.6\", \"status\": \"unaffected\"}], \"version\": \"6.2.0\", \"lessThan\": \"6.2.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"10.2.14\", \"status\": \"unaffected\"}, {\"at\": \"10.2.13-h5\", \"status\": \"unaffected\"}], \"version\": \"6.1.0\", \"lessThan\": \"10.2.14\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"10.1.14-h11\", \"status\": \"unaffected\"}], \"version\": \"6.0.0\", \"lessThan\": \"10.1.14-h11\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*\"], \"vendor\": \"Palo Alto Networks\", \"product\": \"GlobalProtect App\", \"versions\": [{\"status\": \"unaffected\", \"changes\": [{\"at\": \"6.3.3\", \"status\": \"unaffected\"}], \"version\": \"All\", \"lessThan\": \"6.3.3\", \"versionType\": \"custom\"}], \"platforms\": [\"iOS\", \"Android\", \"Chrome OS\", \"macOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Palo Alto Networks\", \"product\": \"GlobalProtect UWP App\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"All\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-12T16:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"eng\", \"value\": \"Version\\nSuggested Solution\\nGlobalProtect App 6.3 on Windows\\nUpgrade to 6.3.3 or later\\nGlobalProtect App 6.2 on Windows\\nUpgrade to 6.2.6 or later\\nGlobalProtect App 6.1 on Windows\\nUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\\nGlobalProtect App 6.0 on Windows\\nUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\\nGlobalProtect App on LinuxNo action neededGlobalProtect App on iOSNo action neededGlobalProtect App on AndroidNo action neededGlobalProtect UWP AppNo action needed\\nSolution for new and existing GlobalProtect app installation on Windows\\n\\nYou can use your endpoint mobile device management (MDM) tools to apply the following changes:\\n * Install a fixed version of the GlobalProtect app.\\n\\n * Update the following registry key with the specified value (uses the REG_SZ type):\\n[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Palo Alto Networks\\\\GlobalProtect\\\\Settings]\\n\\\"check-communication\\\"=\\\"yes\\\"\\n * Restart the operating system to apply this registry change.\\n\\nAlternate solution for new GlobalProtect app installation on Windows\\n\\nInstall the GlobalProtect app with the pre-deployment key CHECKCOMM set to \\\"yes\\\":\\n\\nmsiexec.exe /i GlobalProtect64.msi CHECKCOMM=\\\"yes\\\"Note: This command adds the registry value from the previous solution instructions\\u2014no additional MSI options are needed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows<br></td><td>Upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.6 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.6 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.6 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on Linux</td><td>No action needed</td></tr><tr><td>GlobalProtect App on iOS</td><td>No action needed</td></tr><tr><td>GlobalProtect App on Android</td><td>No action needed</td></tr><tr><td>GlobalProtect UWP App</td><td>No action needed</td></tr></tbody></table><br><p><b>Solution for new and existing GlobalProtect app installation on Windows</b></p>You can use your endpoint mobile device management (MDM) tools to apply the following changes:<br><ol><li>Install a fixed version of the GlobalProtect app.<br></li><li>Update the following registry key with the specified value (uses the REG_SZ type):<br>[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Palo Alto Networks\\\\GlobalProtect\\\\Settings]<br>\\\"check-communication\\\"=\\\"yes\\\"</li><li>Restart the operating system to apply this registry change.<br></li></ol><p><b>Alternate solution for new GlobalProtect app installation on Windows</b></p><p>Install the GlobalProtect app with the pre-deployment key CHECKCOMM set to \\\"yes\\\":</p><blockquote><tt>msiexec.exe /i GlobalProtect64.msi CHECKCOMM=\\\"yes\\\"</tt></blockquote><p>Note: This command adds the registry value from the previous solution instructions\\u2014no additional MSI options are needed.<br></p>\", \"base64\": false}]}], \"datePublic\": \"2025-03-12T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2025-0117\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"No workaround or mitigation is available.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No workaround or mitigation is available.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\\\SYSTEM.\\n\\nGlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\\\SYSTEM.<br><br>GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-807\", \"description\": \"CWE-807 Reliance on Untrusted Inputs in a Security Decision\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"No special configuration is required to be vulnerable to this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No special configuration is required to be vulnerable to this issue.\", \"base64\": false}]}], \"x_affectedList\": [\"GlobalProtect App 6.3.2\", \"GlobalProtect App 6.3.1\", \"GlobalProtect App 6.3.0\", \"GlobalProtect App 6.3\", \"GlobalProtect App 6.2.4\", \"GlobalProtect App 6.2.3\", \"GlobalProtect App 6.2.2\", \"GlobalProtect App 6.2.1\", \"GlobalProtect App 6.2.0\", \"GlobalProtect App 6.2\"], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2025-03-12T18:44:09.386Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2025-0117\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-12T19:08:01.190Z\", \"dateReserved\": \"2024-12-20T23:23:18.651Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2025-03-12T18:35:35.409Z\", \"assignerShortName\": \"palo_alto\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.