CVE-2025-0120

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-0120	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paloaltonetworks:globalprotect::::::windows::*
	cpe:2.3:a:paloaltonetworks:globalprotect::::::windows::*
	cpe:2.3:a:paloaltonetworks:globalprotect::::::windows::*

History

27 Jun 2025, 16:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.0
References	~~() https://security.paloaltonetworks.com/CVE-2025-0120 -~~	() https://security.paloaltonetworks.com/CVE-2025-0120 - Vendor Advisory
CPE		cpe:2.3:a:paloaltonetworks:globalprotect::::::windows::*
First Time		Paloaltonetworks globalprotect Paloaltonetworks

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad con un mecanismo de administración de privilegios en la aplicación Palo Alto Networks GlobalProtect™ en dispositivos Windows permite que un usuario de Windows no administrativo autenticado localmente escale sus privilegios a NT AUTHORITY\SYSTEM. Sin embargo, la ejecución requiere que el usuario local también pueda explotar con éxito una condición de ejecución, lo que hace que esta vulnerabilidad sea difícil de explotar.

11 Apr 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-11 02:15

Updated : 2025-06-27 16:51

NVD link : CVE-2025-0120

Mitre link : CVE-2025-0120

CVE.ORG link : CVE-2025-0120

JSON object : View

Products Affected

paloaltonetworks

globalprotect

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2025-0120", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7.1, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-11T02:15:18.197", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0120", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit."}, {"lang": "es", "value": " Una vulnerabilidad con un mecanismo de administraci\u00f3n de privilegios en la aplicaci\u00f3n Palo Alto Networks GlobalProtect\u2122 en dispositivos Windows permite que un usuario de Windows no administrativo autenticado localmente escale sus privilegios a NT AUTHORITY\\SYSTEM. Sin embargo, la ejecuci\u00f3n requiere que el usuario local tambi\u00e9n pueda explotar con \u00e9xito una condici\u00f3n de ejecuci\u00f3n, lo que hace que esta vulnerabilidad sea dif\u00edcil de explotar."}], "lastModified": "2025-06-27T16:51:19.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B6E8BBD7-AE9C-4708-BCE5-805250956365", "versionEndExcluding": "6.0.12", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "5C174DAD-5FAC-4815-B1D6-34E18903EA0D", "versionEndExcluding": "6.2.7-1077", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "3A842EBF-EA01-4D05-96C5-7F2061951423", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}