CVE-2025-2179
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-07-31
Assigner: Palo Alto Networks, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | globalprotect_app | 6.2.0 |
| palo_alto_networks | globalprotect_app | 6.2.7 |
| palo_alto_networks | globalprotect_app | 6.1 |
| palo_alto_networks | globalprotect_app | 6.2.6 |
| palo_alto_networks | globalprotect_app | 6.0 |
| palo_alto_networks | globalprotect_app | 6.2.3 |
| palo_alto_networks | globalprotect_app | 6.2.1 |
| palo_alto_networks | globalprotect_app | 6.2.2 |
| palo_alto_networks | globalprotect_app | 6.2.4 |
| palo_alto_networks | globalprotect_app | 6.2.8 |
| palo_alto_networks | globalprotect_app | 6.2.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incorrect privilege assignment in the Palo Alto Networks GlobalProtect App on Linux devices. It allows a locally authenticated non-administrative user to disable the GlobalProtect App even if the app's configuration is set to prevent such actions. This issue occurs under specific settings related to how the app connects and user permissions to disable it. It affects only Linux versions 6.0.x, 6.1.x, and 6.2.0 through 6.2.8, and does not affect other platforms. [1]
How can this vulnerability impact me?
The vulnerability can impact you by allowing a non-administrative local user to disable the GlobalProtect App on Linux devices, which can lead to a loss of product availability and potentially reduce the security posture of the device. However, it does not impact confidentiality or integrity of data. There is no user interaction required to exploit this vulnerability, and it has a low attack complexity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a locally authenticated non-administrative user being able to disable the GlobalProtect App on Linux. Detection involves verifying the GlobalProtect app version on Linux (affected versions are 6.0.x, 6.1.x, and 6.2.0 through 6.2.8) and checking the app configuration settings, specifically the connect method and the "Allow User to Disable GlobalProtect" setting. You can verify the version by running a command like `globalprotect version` or checking the package version via your Linux package manager. Additionally, check if the app is currently running or has been disabled unexpectedly using commands such as `systemctl status globalprotect` or `ps aux | grep globalprotect`. Configuration settings can be reviewed via the Strata Cloud Manager or Panorama/PAN-OS management interfaces, not directly via command line. There are no specific commands provided to detect the vulnerability itself, but monitoring the app status and version is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade the GlobalProtect App on Linux to version 6.2.9 or later, as versions 6.2.9 and later are not vulnerable. There are no workarounds or other mitigations available besides upgrading. Additionally, review and adjust the app configuration settings if possible, but the primary mitigation is to update the software. [1]
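The version check from the detection and mitigation answers above can be scripted for triage across several Linux hosts. This is an added example, not code from this page or from Palo Alto Networks; the function name, host names and sample version strings are constructed, and it assumes you have already collected each host's GlobalProtect version string by whatever means you use.

```shell
#!/bin/sh
# Added example (not vendor code). Ranges are the ones stated on this page:
#   affected: 6.0.x, 6.1.x, 6.2.0 through 6.2.8    fixed: 6.2.9 and later
# Prints: affected | fixed | not-listed | unparsed

gp_cve_2025_2179_status() {
    # Keep the leading dotted-numeric part only, dropping any label before
    # it and any packaging suffix after it.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*$/\1/p')
    [ -n "$ver" ] || { echo unparsed; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch= ;;
    esac

    # Releases before 6.0 are not covered by this page's version list.
    if [ "$major" -lt 6 ]; then echo not-listed; return 0; fi
    if [ "$major" -gt 6 ]; then echo fixed; return 0; fi

    if [ "$minor" -le 1 ]; then echo affected      # 6.0.x and 6.1.x
    elif [ "$minor" -ge 3 ]; then echo fixed       # later than 6.2.9
    elif [ -z "$patch" ]; then echo unparsed       # "6.2" alone is ambiguous
    elif [ "$patch" -le 8 ]; then echo affected    # 6.2.0 through 6.2.8
    else echo fixed                                # 6.2.9 and later
    fi
}

# Constructed sample inventory: "host version-string" pairs, one per line.
inventory='lnx-01 6.2.8
lnx-02 6.2.9
lnx-03 6.1.5-21
lnx-04 GlobalProtect 6.2.10
lnx-05 6.0.11
lnx-06 unknown'

printf '%s\n' "$inventory" | while read -r host version; do
    printf '%-8s %-22s %s\n' "$host" "$version" \
        "$(gp_cve_2025_2179_status "$version")"
done
```

Hosts reported as `unparsed` or `not-listed` need a manual check, since the script only encodes the ranges given above and says nothing about the connect method or the "Allow User to Disable GlobalProtect" setting.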