7.1
CVE-2025-0120
- EPSS 0.14%
- Veröffentlicht 11.04.2025 02:15:18
- Zuletzt bearbeitet 27.06.2025 16:51:19
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.0.0 < 6.0.12
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.1.0 < 6.2.7-1077
Paloaltonetworks ≫ Globalprotect SwPlatformwindows Version >= 6.3.0 < 6.3.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.038 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@paloaltonetworks.com | 7.1 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://security.paloaltonetworks.com/CVE-2025-0120