Home

Description

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

PUBLISHED Reserved 2024-12-20 | Published 2025-04-11 | Updated 2025-05-02 | Assigner palo_alto




HIGH: 7.1CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber

A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY/SYSTEM.

Problem types

CWE-250 Execution with Unnecessary Privileges

Product status

Default status
unaffected

6.3.0 (custom) before 6.3.3
affected

6.2.0 (custom) before 6.2.8
affected

6.1.0 (custom)
affected

6.0.0 (custom)
affected

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

All (custom)
unaffected

Timeline

2025-04-09:Initial Publication
2025-05-02:Updated the fix version for 6.2.7

Credits

Maxime ESCOURBIAC, Michelin CERT finder

Yassine BENGANA, Abicom for Michelin CERT finder

References

security.paloaltonetworks.com/CVE-2025-0120 vendor-advisory

cve.org (CVE-2025-0120)

nvd.nist.gov (CVE-2025-0120)

Download JSON