CVE-2025-0141 HIGH

CVE-2025-0141: GlobalProtect App: Privilege Escalation (PE) Vulnerability

Vendor Palo Alto Networks
Product GlobalProtect App
Weakness CWE-426
Published July 9, 2025
Last update February 26, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Key dates

02Disclosure timeline

July 9, 2025 CVE published
February 26, 2026 Record updated