csaf_certbund - wid-sec-w-2025-0548

wid-sec-w-2025-0548

Vulnerability from csaf_certbund

Published

2025-03-12 23:00

Modified

2025-03-12 23:00

Summary

PaloAlto Networks GlobalProtect: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

GlobalProtect von PaloAlto ist eine Sicherheitsplattform.

Angriff

Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in PaloAlto Networks GlobalProtect ausnutzen, um beliebigen Code auszuführen und erhöhte Privilegien zu erlangen.

Betroffene Betriebssysteme

- Appliance - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GlobalProtect von PaloAlto ist eine Sicherheitsplattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere \r\nSchwachstellen in PaloAlto Networks GlobalProtect ausnutzen, um beliebigen Code auszuf\u00fchren und erh\u00f6hte Privilegien zu erlangen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0548 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0548.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0548 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0548"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2025-03-12",
        "url": "https://security.paloaltonetworks.com/CVE-2025-0118"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2025-03-12",
        "url": "https://security.paloaltonetworks.com/CVE-2025-0117"
      }
    ],
    "source_lang": "en-US",
    "title": "PaloAlto Networks GlobalProtect: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-03-12T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-13T11:19:15.667+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0548",
      "initial_release_date": "2025-03-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.3.3",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.3.3",
                  "product_id": "T041831"
                }
              },
              {
                "category": "product_version",
                "name": "6.3.3",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.3.3",
                  "product_id": "T041831-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.3.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.2.5",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.2.5",
                  "product_id": "T041832"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.5",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.2.5",
                  "product_id": "T041832-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.2.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.6",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.1.6",
                  "product_id": "T041833"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.6",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.1.6",
                  "product_id": "T041833-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.1.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.11",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.0.11",
                  "product_id": "T041834"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.11",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.0.11",
                  "product_id": "T041834-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.0.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.2.6",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect \u003c6.2.6",
                  "product_id": "T041835"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.6",
                "product": {
                  "name": "PaloAlto Networks GlobalProtect 6.2.6",
                  "product_id": "T041835-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:paloaltonetworks:globalprotect:6.2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GlobalProtect"
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0117",
      "product_status": {
        "known_affected": [
          "T041835",
          "T041834",
          "T041833",
          "T041832",
          "T041831"
        ]
      },
      "release_date": "2025-03-12T23:00:00.000+00:00",
      "title": "CVE-2025-0117"
    },
    {
      "cve": "CVE-2025-0118",
      "product_status": {
        "known_affected": [
          "T041834",
          "T041833",
          "T041832",
          "T041831"
        ]
      },
      "release_date": "2025-03-12T23:00:00.000+00:00",
      "title": "CVE-2025-0118"
    }
  ]
}

CVE-2025-0117 (GCVE-0-2025-0117)

Vulnerability from cvelistv5

Published

2025-03-12 18:35

Modified

2025-03-13 03:55

Severity ?

7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber

CWE

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Summary

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.

References

►

URL

Tags

https://security.paloaltonetworks.com/CVE-2025-0117

vendor-advisory

Impacted products

Vendor

Product

Version

►

Palo Alto Networks

GlobalProtect App

Version: 6.3.0   < 6.3.3
Version: 6.2.0   < 6.2.6
Version: 6.1.0   < 10.2.14
Version: 6.0.0   < 10.1.14-h11
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*

	Palo Alto Networks	GlobalProtect App	Patch: All < 6.3.3 cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-::::::
	Palo Alto Networks	GlobalProtect UWP App	Patch: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T03:55:23.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.6",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.6",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.14",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.14",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.14-h11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.14-h11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "iOS",
            "Android",
            "Chrome OS",
            "macOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GlobalProtect UWP App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is required to be vulnerable to this issue."
            }
          ],
          "value": "No special configuration is required to be vulnerable to this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maxime ESCOURBIAC, Michelin CERT"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Yassine BENGANA, Abicom for Michelin CERT"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Handelsbanken AB F-Secure"
        }
      ],
      "datePublic": "2025-03-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM.\u003cbr\u003e\u003cbr\u003eGlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected."
            }
          ],
          "value": "A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM.\n\nGlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY\\SYSTEM."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-807",
              "description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T18:44:09.386Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0117"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.6 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Linux\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Android\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect UWP App\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eSolution for new and existing GlobalProtect app installation on Windows\u003c/b\u003e\u003c/p\u003eYou can use your endpoint mobile device management (MDM) tools to apply the following changes:\u003cbr\u003e\u003col\u003e\u003cli\u003eInstall a fixed version of the GlobalProtect app.\u003cbr\u003e\u003c/li\u003e\u003cli\u003eUpdate the following registry key with the specified value (uses the REG_SZ type):\u003cbr\u003e[HKEY_LOCAL_MACHINE\\SOFTWARE\\Palo Alto Networks\\GlobalProtect\\Settings]\u003cbr\u003e\"check-communication\"=\"yes\"\u003c/li\u003e\u003cli\u003eRestart the operating system to apply this registry change.\u003cbr\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cb\u003eAlternate solution for new GlobalProtect app installation on Windows\u003c/b\u003e\u003c/p\u003e\u003cp\u003eInstall the GlobalProtect app with the pre-deployment key CHECKCOMM set to \"yes\":\u003c/p\u003e\u003cblockquote\u003e\u003ctt\u003emsiexec.exe /i GlobalProtect64.msi CHECKCOMM=\"yes\"\u003c/tt\u003e\u003c/blockquote\u003e\u003cp\u003eNote: This command adds the registry value from the previous solution instructions\u2014no additional MSI options are needed.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Version\nSuggested Solution\nGlobalProtect App 6.3 on Windows\nUpgrade to 6.3.3 or later\nGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.6 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.6 or later or upgrade to 6.3.3 or later\nGlobalProtect App on LinuxNo action neededGlobalProtect App on iOSNo action neededGlobalProtect App on AndroidNo action neededGlobalProtect UWP AppNo action needed\nSolution for new and existing GlobalProtect app installation on Windows\n\nYou can use your endpoint mobile device management (MDM) tools to apply the following changes:\n  *  Install a fixed version of the GlobalProtect app.\n\n  *  Update the following registry key with the specified value (uses the REG_SZ type):\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Palo Alto Networks\\GlobalProtect\\Settings]\n\"check-communication\"=\"yes\"\n  *  Restart the operating system to apply this registry change.\n\nAlternate solution for new GlobalProtect app installation on Windows\n\nInstall the GlobalProtect app with the pre-deployment key CHECKCOMM set to \"yes\":\n\nmsiexec.exe /i GlobalProtect64.msi CHECKCOMM=\"yes\"Note: This command adds the registry value from the previous solution instructions\u2014no additional MSI options are needed."
        }
      ],
      "source": {
        "defect": [
          "GPC-19863"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-12T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "GlobalProtect App: Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No workaround or mitigation is available."
            }
          ],
          "value": "No workaround or mitigation is available."
        }
      ],
      "x_affectedList": [
        "GlobalProtect App 6.3.2",
        "GlobalProtect App 6.3.1",
        "GlobalProtect App 6.3.0",
        "GlobalProtect App 6.3",
        "GlobalProtect App 6.2.4",
        "GlobalProtect App 6.2.3",
        "GlobalProtect App 6.2.2",
        "GlobalProtect App 6.2.1",
        "GlobalProtect App 6.2.0",
        "GlobalProtect App 6.2"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0117",
    "datePublished": "2025-03-12T18:35:35.409Z",
    "dateReserved": "2024-12-20T23:23:18.651Z",
    "dateUpdated": "2025-03-13T03:55:23.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0118 (GCVE-0-2025-0118)

Vulnerability from cvelistv5

Published

2025-03-12 18:36

Modified

2025-03-12 18:52

Severity ?

6.0 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber

CWE

CWE-618 - Exposed Unsafe ActiveX Method

Summary

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.

References

►

URL

Tags

https://security.paloaltonetworks.com/CVE-2025-0118

vendor-advisory

Impacted products

Vendor

Product

Version

►

Palo Alto Networks

GlobalProtect App

Patch: 6.3.0   < 6.3.3
Version: 6.2.0   < 6.2.5
Version: 6.1.0   < 6.1.6
Version: 6.0.0   < 6.0.11
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.5:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.4:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.3:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.8:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.7:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.6:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.5:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.4:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.3:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.0:-:*:*:*:*:*:*

	Palo Alto Networks	GlobalProtect App	Patch: All < 6.3.3 cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.5:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.4:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.3:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.0:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.8:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.7:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.6:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.5:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.4:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.3:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.2:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.1:-:::::: cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.0:-::::::
	Palo Alto Networks	GlobalProtect UWP App	Patch: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T18:48:05.801831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T18:52:08.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.8:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.7:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "unaffected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.5",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.6",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.8:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.7:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.0:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS",
            "Linux",
            "iOS",
            "Android",
            "Chrome OS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GlobalProtect UWP App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "You are vulnerable to this issue only if you configured GlobalProtect authentication to use SAML authentication.\u003cbr\u003e\u003cbr\u003eYou can verify whether you configured SAML authentication on your GlobalProtect portals by checking your firewall web interface (\u003cb\u003eNetwork\u003c/b\u003e \u0026gt; \u003cb\u003eGlobalProtect\u003c/b\u003e \u0026gt; \u003cb\u003ePortals\u003c/b\u003e \u0026gt; (portal-config) \u0026gt; \u003cb\u003eAuthentication\u003c/b\u003e)."
            }
          ],
          "value": "You are vulnerable to this issue only if you configured GlobalProtect authentication to use SAML authentication.\n\nYou can verify whether you configured SAML authentication on your GlobalProtect portals by checking your firewall web interface (Network \u003e GlobalProtect \u003e Portals \u003e (portal-config) \u003e Authentication)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maxime ESCOURBIAC, Michelin CERT"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Yassine BENGANA, Abicom for Michelin CERT"
        }
      ],
      "datePublic": "2025-03-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device.\u003cbr\u003e\u003cbr\u003eThis issue does not apply to the GlobalProtect app on other (non-Windows) platforms.\u0026nbsp;"
            }
          ],
          "value": "A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device.\n\nThis issue does not apply to the GlobalProtect app on other (non-Windows) platforms."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-104",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-104 Cross Zone Scripting"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "An attacker deceives an authenticated Windows user and entices the user to navigate to a malicious web page during the GlobalProtect SAML login process."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-618",
              "description": "CWE-618 Exposed Unsafe ActiveX Method",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T18:46:41.580Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0118"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The issue is addressed by hardening the browser embedded in GlobalProtect app to disallow ActiveX plugins. This security enhancement is implemented in patched versions of the GlobalProtect app, so upgrading resolves the issue.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.5 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.1 on Windows\u003c/td\u003e\u003ctd\u003eUpgrade to 6.1.6 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.11 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on macOS\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Linux\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Android\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect UWP App\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "The issue is addressed by hardening the browser embedded in GlobalProtect app to disallow ActiveX plugins. This security enhancement is implemented in patched versions of the GlobalProtect app, so upgrading resolves the issue.\u00a0\n\nVersion\nSuggested Solution\nGlobalProtect App 6.3 on Windows\nUpgrade to 6.3.3 or later\nGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.5 or later\nGlobalProtect App 6.1 on WindowsUpgrade to 6.1.6 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.0.11 or later\nGlobalProtect App on macOSNo action neededGlobalProtect App on LinuxNo action neededGlobalProtect App on iOSNo action neededGlobalProtect App on AndroidNo action neededGlobalProtect UWP AppNo action needed"
        }
      ],
      "source": {
        "defect": [
          "GPC-19859"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "You can mitigate this issue by using a different form of authentication for the GlobalProtect portal such as Client Certificate Authentication, RADIUS, TACACS+, LDAP, or Kerberos. You can find information about configuring authentication for the GlobalProtect portal in this \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\"\u003edocumentation\u003c/a\u003e."
            }
          ],
          "value": "You can mitigate this issue by using a different form of authentication for the GlobalProtect portal such as Client Certificate Authentication, RADIUS, TACACS+, LDAP, or Kerberos. You can find information about configuring authentication for the GlobalProtect portal in this  documentation https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab ."
        }
      ],
      "x_affectedList": [
        "GlobalProtect App 6.2.4",
        "GlobalProtect App 6.2.3",
        "GlobalProtect App 6.2.2",
        "GlobalProtect App 6.2.1",
        "GlobalProtect App 6.2.0",
        "GlobalProtect App 6.2",
        "GlobalProtect App 6.1.5",
        "GlobalProtect App 6.1.4",
        "GlobalProtect App 6.1.3",
        "GlobalProtect App 6.1.2",
        "GlobalProtect App 6.1.1",
        "GlobalProtect App 6.1.0",
        "GlobalProtect App 6.1",
        "GlobalProtect App 6.0.8",
        "GlobalProtect App 6.0.7",
        "GlobalProtect App 6.0.6",
        "GlobalProtect App 6.0.5",
        "GlobalProtect App 6.0.4",
        "GlobalProtect App 6.0.3",
        "GlobalProtect App 6.0.2",
        "GlobalProtect App 6.0.1",
        "GlobalProtect App 6.0.0",
        "GlobalProtect App 6.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0118",
    "datePublished": "2025-03-12T18:36:44.290Z",
    "dateReserved": "2024-12-20T23:23:19.630Z",
    "dateUpdated": "2025-03-12T18:52:08.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-0548

Vulnerability from csaf_certbund

CVE-2025-0117 (GCVE-0-2025-0117)

Vulnerability from cvelistv5

CVE-2025-0118 (GCVE-0-2025-0118)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature