[Palo Alto Networks Security Advisories] CVE-2025-0139 Autonomous Digital Experience Manager: Privilege Escalation (PE)Vulnerability
Palo Alto Networks Security Advisories /CVE-2025-0139
CVE-2025-0139 Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability
Description
An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Autonomous Digital Experience Manager 5.6.0 | < 5.6.7 on macOS | >= 5.6.7 on macOS |
Required Configuration for Exposure
No special configuration is required to be vulnerable to this issue.
Severity:LOW, Suggested Urgency:MODERATE
CVSS-BT:2.4 /CVSS-B:6.3 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-266 Incorrect Privilege Assignment
CAPEC-233 Privilege Escalation
Solution
| Version | Minor Version | Suggested Solution |
|---|---|---|
| Autonomous Digital Experience Manager 5.6 on macOS | 5.6.0 through 5.6.6 | Upgrade to 5.6.7 or later. |
Workarounds and Mitigations
There are no known workarounds or mitigations for this issue.
Acknowledgments
CPE Applicability
- cpe:2.3:a:palo_alto_networks:autonomous_digital_experience_manager:*:*:*:*:*:macOS:*:* is vulnerable from (including)5.6.0 and up to (excluding)5.6.7
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
