CVE-2025-0140
BaseFortify

Publication date: 2025-07-09

Last updated on: 2025-07-30

Assigner: Palo Alto Networks, Inc.

Description
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non-administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and the GlobalProtect UWP app are not affected.
Meta Information
Published: 2025-07-09
Last Modified: 2025-07-30
Generated: 2026-05-27
AI Q&A: 2025-07-10
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 4 associated CPEs
Vendor               Product         Version / Range
palo_alto_networks   globalprotect   6.1
palo_alto_networks   globalprotect   6.3
palo_alto_networks   globalprotect   6.0
palo_alto_networks   globalprotect   6.2
CWE
CWE-266: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an incorrect privilege assignment in the Palo Alto Networks GlobalProtect App on macOS and Linux devices. It allows a locally authenticated non-administrative user to disable the GlobalProtect app even if the app's configuration normally would not permit this action.


How can this vulnerability impact me?

The vulnerability could allow a non-administrative user on macOS or Linux to disable the GlobalProtect app, potentially reducing the security posture of the device by disabling VPN protection or other security features provided by the app.

