CVE-2025-0120

Summary

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksGlobalProtect App6.3.0 < 6.3.3affected
Palo Alto NetworksGlobalProtect App6.2.0 < 6.2.8affected
Palo Alto NetworksGlobalProtect App6.1.0affected
Palo Alto NetworksGlobalProtect App6.0.0affected
Palo Alto NetworksGlobalProtect AppAllunaffected
Palo Alto NetworksGlobalProtect UWP AppAllunaffected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

Workarounds

No workaround or mitigation is available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References