
Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

PUBLISHED Reserved 2024-12-20 | Published 2025-05-14 | Updated 2026-02-26 | Assigner palo_alto




HIGH: 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber)

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status: unaffected

4.3.0 (custom) before 4.3.4451: affected

Timeline

2025-05-14: Initial Publication

Credits

Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK. finder

References

security.paloaltonetworks.com/CVE-2025-0131 third-party-advisory

www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131 vendor-advisory

cve.org (CVE-2025-0131)

nvd.nist.gov (CVE-2025-0131)
