Palo Alto Networks GlobalProtect Win PrivEsc via Race Condition
CVE-2025-0120 Published on April 11, 2025
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Timeline
Initial Publication
Updated the fix version for 6.2.7 23 days later.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2025-0120
Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect? stack.watch will email you.
Affected Versions
Palo Alto Networks GlobalProtect App:- Version 6.3.0 and below 6.3.3 is affected.
- Version 6.2.0 and below 6.2.8 is affected.
- Version 6.1.0 is affected.
- Version 6.0.0 is affected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.