CVE-2025-0131 HIGH

CVE-2025-0131: GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

Vendor Opswat
Product MetaDefender Endpoint Security SDK
Weakness CWE-266
Published May 14, 2025
Last update February 26, 2026

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber

What the vulnerability does

01Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Key dates

02Disclosure timeline

May 14, 2025 CVE published
February 26, 2026 Record updated