[Palo Alto Networks Security Advisories] CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable theGlobalProtect App
Palo Alto Networks Security Advisories /CVE-2025-0135
CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
Description
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app.
The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App | None on Android None on Chrome OS None on iOS None on Windows None on Linux | All on Android All on Chrome OS All on iOS All on Windows All on Linux |
| GlobalProtect App 6.3 | < 6.3.3 on macOS | >= 6.3.3 on macOS |
| GlobalProtect App 6.2 | < 6.2.8 on macOS | >= 6.2.8 on macOS |
| GlobalProtect App 6.1 | All on macOS | None on macOS |
| GlobalProtect App 6.0 | All on macOS | None on macOS |
| GlobalProtect UWP App | None | All |
Required Configuration for Exposure
No special configuration is required to be vulnerable to this issue.
Severity:LOW, Suggested Urgency:MODERATE
CVSS-BT:1.8 /CVSS-B:5.2 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-266: Incorrect Privilege Assignment
CAPEC-578 Disable Security Software
Solution
| Version | Suggested Solution |
|---|---|
| GlobalProtect App 6.3 on macOS | Upgrade to 6.3.3 or later |
| GlobalProtect App 6.2 on macOS | Upgrade to 6.2.8 or later |
| GlobalProtect App 6.1 on macOS | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App 6.0 on macOS | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App on Linux | Not Applicable |
| GlobalProtect App on Windows | Not Applicable |
| GlobalProtect App on iOS | Not Applicable |
| GlobalProtect App on Android | Not Applicable |
| GlobalProtect UWP App | Not Applicable |
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
CPEs
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
