GlobalProtect Insufficient Cert Validation Enables Malicious Software
CVE-2025-2183 Published on August 13, 2025
GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
Timeline
Initial Publication
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2025-2183
Affected Versions
Palo Alto Networks GlobalProtect App:
- Version 6.3.0 and below 6.3.3-h2 (6.3.3-c676) is affected.
- Version 6.2.0 and below 6.2.8-h3 (6.2.8-c263) is affected.
- Version 6.1.0 is affected.
- Version 6.0.0 is affected.
- Version 6.3.0 and below 6.3.3 is affected.
- Version 6.2.0 and below 11.1.10 is affected.
- Version 6.1.0 is affected.
- Version 6.0.0 is affected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.