[Palo Alto Networks Security Advisories] CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK


CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

Urgency: MODERATE
Severity: 4 · MEDIUM
Exploit Maturity: UNREPORTED
Response Effort: N/A
Recovery: USER
Value Density: DIFFUSE
Attack Complexity: LOW
Attack Requirements: PRESENT
Automatable: NO
User Interaction: NONE
Product Confidentiality: NONE
Product Integrity: HIGH
Product Availability: NONE
Privileges Required: LOW
Subsequent Confidentiality: HIGH
Subsequent Integrity: HIGH
Subsequent Availability: HIGH

Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Product Status

Versions: MetaDefender Endpoint Security SDK 4.3.0
Affected: < 4.3.4451 on Windows
Unaffected: >= 4.3.4451 on Windows

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 4.0 / CVSS-B: 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-266: Incorrect Privilege Assignment

CAPEC-233 Privilege Escalation

Solution

This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows, update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):

Version: Suggested Solution
GlobalProtect App 6.3 on Windows: Upgrade to 6.3.3 or later
GlobalProtect App 6.2 on Windows: Upgrade to 6.2.8 or later
GlobalProtect App 6.1 on Windows: Upgrade to 6.2.8 or later or 6.3.3 or later
GlobalProtect App 6.0 on Windows: Upgrade to 6.2.8 or later or 6.3.3 or later
GlobalProtect App on macOS: Not applicable
GlobalProtect App on Linux: Not applicable
GlobalProtect App on iOS: Not applicable
GlobalProtect App on Android: Not applicable
GlobalProtect UWP App: Not applicable
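
The upgrade guidance above can be applied across an endpoint inventory with a short triage script. This is an added example, not code from Palo Alto Networks or OPSWAT. Assumptions: each inventory row describes the desktop GlobalProtect App (not the UWP app), version strings may carry a build suffix such as "-838", and the host names and sample rows are constructed.

```python
import re

# Fixed GlobalProtect App releases per branch, from the advisory's Solution table.
FIXED_IN_BRANCH = {(6, 3): (6, 3, 3), (6, 2): (6, 2, 8)}
# Branches with no fixed release of their own: they must move to 6.2.8+ or 6.3.3+.
MUST_CHANGE_BRANCH = {(6, 1), (6, 0)}

def parse_version(text):
    """Return (major, minor, patch); a build suffix such as '-838' is ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:[-.]\w+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(os_name, version_text):
    """Map one desktop GlobalProtect App install to the advisory's guidance."""
    if os_name.strip().lower() != "windows":
        return "not applicable"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review manually: unparseable version"
    branch = version[:2]
    if branch in MUST_CHANGE_BRANCH:
        return "upgrade to 6.2.8 or later or 6.3.3 or later"
    if branch not in FIXED_IN_BRANCH:
        return "review manually: branch not listed in the advisory"
    fixed = FIXED_IN_BRANCH[branch]
    # Tuple comparison is numeric, so 6.3.10 correctly sorts after 6.3.3.
    if version >= fixed:
        return "fixed"
    return "upgrade to " + ".".join(map(str, fixed)) + " or later"

# Constructed sample inventory: (host, operating system, GlobalProtect App version).
SAMPLE_INVENTORY = [
    ("wks-001", "Windows", "6.2.6-838"),
    ("wks-002", "Windows", "6.3.10"),
    ("wks-003", "Windows", "6.1.5"),
    ("mac-004", "macOS", "6.2.6"),
    ("wks-005", "Windows", "5.2.13"),
]

def triage_inventory(rows):
    return {host: triage(os_name, version) for host, os_name, version in rows}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Branches that the advisory does not list are flagged for manual review rather than assumed safe or affected.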

Workarounds and Mitigations

No known workarounds or mitigations exist for this issue.

Acknowledgments

Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi of Wacker Chemie AG for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK.

Timeline

Initial Publication

