8
CVE-2025-0118
- EPSS 0.14%
- Veröffentlicht 12.03.2025 18:36:44
- Zuletzt bearbeitet 27.06.2025 16:52:34
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.0.0 < 6.0.11
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.1.0 < 6.1.6
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.2.0 < 6.2.5
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.3.0 < 6.3.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.339 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| psirt@paloaltonetworks.com | 6 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
|
CWE-618 Exposed Unsafe ActiveX Method
An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain).