CVE-2025-4232

EPSS 0.05%
Veröffentlicht 12.06.2025 23:22:34
Zuletzt bearbeitet 27.06.2025 16:47:32
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Globalprotect SwPlatformmacos Version >= 6.0.0 < 6.2.8

Paloaltonetworks ≫ Globalprotect SwPlatformmacos Version >= 6.3.0 < 6.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@paloaltonetworks.com	8.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

CWE-155 Improper Neutralization of Wildcards or Matching Symbols

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.

https://security.paloaltonetworks.com/CVE-2025-4232

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-4232

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4232

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4232

EUVD