CVE-2025-0131

Summary

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Affected Software

VendorProductVersion RangeStatus
OPSWATMetaDefender Endpoint Security SDK4.3.0 < 4.3.4451affected

Weaknesses

  • CWE-266: CWE-266: Incorrect Privilege Assignment

Workarounds

No known workarounds or mitigations exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References