CVE-2025-0135

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*

History

27 Jun 2025, 16:50

Type Values Removed Values Added
First Time Paloaltonetworks globalprotect
Paloaltonetworks
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3
CPE cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*
References () https://security.paloaltonetworks.com/CVE-2025-0135 - () https://security.paloaltonetworks.com/CVE-2025-0135 - Vendor Advisory

16 May 2025, 14:43

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de asignación incorrecta de privilegios en la aplicación GlobalProtect™ de Palo Alto Networks en dispositivos macOS permite que un usuario no administrativo autenticado localmente desactive la aplicación. La aplicación GlobalProtect en Windows, Linux, iOS, Android, Chrome OS y la aplicación GlobalProtect UWP no se ven afectadas.

14 May 2025, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-14 19:15

Updated : 2025-06-27 16:50


NVD link : CVE-2025-0135

Mitre link : CVE-2025-0135

CVE.ORG link : CVE-2025-0135


JSON object : View

Products Affected

paloaltonetworks

  • globalprotect
CWE
CWE-266

Incorrect Privilege Assignment