Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0120

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Published

2025-04-11T02:15:18.197

Last Modified

2025-06-27T16:51:19.773

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses

Type: Secondary
CWE-250

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	paloaltonetworks	globalprotect	< 6.0.12	Yes
Application	paloaltonetworks	globalprotect	< 6.2.7-1077	Yes
Application	paloaltonetworks	globalprotect	< 6.3.3	Yes

References

https://security.paloaltonetworks.com/CVE-2025-0120 Vendor Advisory ([email protected])