Palo Alto Networks GlobalProtect App
Easy fix5 remedies
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:windows:*:*
Easy fix5 remedies
- >= 6.3, < 6.3.3
- >= 6.2, < 6.2.5
- >= 6.1, < 6.1.6
- >= 6.0, < 6.0.11
Palo Alto Networks GlobalProtect App ActiveX Control Execution Vulnerability on Windows
Vulnerability
Patched
A vulnerability exists in the Palo Alto Networks GlobalProtect app for Windows, allowing remote attackers to execute ActiveX controls as if they were authenticated users. This exploitation requires the user to visit a malicious website during the GlobalProtect SAML login process. The vulnerability is not present in the GlobalProtect app on non-Windows platforms.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected user's system, potentially allowing the attacker to perform actions as a legitimate user.
Remediation
Users can upgrade to GlobalProtect App versions 6.3.3 or later, 6.2.5 or later, 6.1.6 or later, or 6.0.11 or later on Windows. For GlobalProtect App on macOS, Linux, iOS, Android, or the UWP version, no action is needed.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
7.5exploitability
3.8remediation
7.9relevance
0.0threat
0.0urgency
5.7incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.