CVE-2025-0139

Summary

An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksAutonomous Digital Experience Manager5.6.0 < 5.6.7affected

Weaknesses

  • CWE-266: CWE-266 Incorrect Privilege Assignment

Workarounds

There are no known workarounds or mitigations for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References