[Palo Alto Networks Security Advisories] CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard onmacOS
Palo Alto Networks Security Advisories /CVE-2025-4232
CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
Description
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App | None on Windows, Linux, Android, iOS | All on Windows, Linux, Android, iOS |
| GlobalProtect App 6.3 | < 6.3.3 on macOS | >= 6.3.3 on macOS |
| GlobalProtect App 6.2 | < 6.2.8-h2 on macOS | >= 6.2.8-h2 on macOS [ETA June 2025] |
| GlobalProtect App 6.1 | All on macOS | None on macOS |
| GlobalProtect App 6.0 | All on macOS | None on macOS |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity:HIGH, Suggested Urgency:MODERATE
CVSS-BT:7.1 /CVSS-B:8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-155: Improper Neutralization of Wildcards or Matching Symbols
Solution
| Version | Minor Version | Suggested Solution |
|---|---|---|
| GlobalProtect App 6.3 on macOS | 6.3.0 through 6.3.2 | Upgrade to 6.3.3 or later. |
| GlobalProtect App 6.2 on macOS | 6.2.0 through 6.2.8-h2 | Upgrade to 6.2.8-h2 [ETA June 2025] or 6.3.3 or later. |
| GlobalProtect App 6.1 on macOS | Upgrade to 6.2.8-h2 [ETA June 2025] or 6.3.3 or later. | |
| GlobalProtect App 6.0 on macOS | Upgrade to 6.2.8-h2 [ETA June 2025] or 6.3.3 or later. | |
| GlobalProtect App on Windows | No action needed. | |
| GlobalProtect App on Linux | No action needed. | |
| GlobalProtect App on Android | No action needed. | |
| GlobalProtect App on iOS | No action needed. |
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
CPEs
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:macOS:*:*
cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:macOS:*:*
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
