THREATINT
PUBLISHED

CVE-2025-0131

GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK



Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Reserved 2024-12-20 | Published 2025-05-14 | Updated 2025-05-21 | Assigner palo_alto


HIGH: 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber)

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status
unaffected

4.3.0 before 4.3.4451
affected

Timeline

2025-05-14: Initial Publication

Credits

Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK. (finder)

References

security.paloaltonetworks.com/CVE-2025-0131 third-party-advisory

www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131 vendor-advisory

cve.org (CVE-2025-0131)

nvd.nist.gov (CVE-2025-0131)
