Palo Alto GlobalProtect: Wildcard Escalation in Log Collection
CVE-2025-4232 Published on June 13, 2025
GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect app on macOS allows a non administrative user to escalate their privileges to root.
Timeline
Initial Publication
Weakness Type
Improper Neutralization of Wildcards or Matching Symbols
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. As data is parsed, an injected element may cause the process to take unexpected actions.
Products Associated with CVE-2025-4232
Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect? stack.watch will email you.
Affected Versions
Palo Alto Networks GlobalProtect App:- Version 6.3 and below 6.3.3 is affected.
- Version 6.2.0 and below 6.2.8-h2 is affected.
- Version 6.1.0 is affected.
- Version 6.0.0 is affected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.