Primary

Context

Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability on Windows

Vulnerability

Patched

A privilege escalation vulnerability has been identified in the OPSWAT MetaDefender Endpoint Security SDK, which is used by the Palo Alto Networks GlobalProtect app on Windows. This vulnerability allows a locally authenticated non-administrative user to escalate privileges to NT AUTHORITY\SYSTEM. However, exploiting this vulnerability requires successfully navigating a race condition, making it challenging to execute.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to the NT AUTHORITY\SYSTEM account.

Remediation

Users can upgrade to GlobalProtect App version 6.3.3 or later, 6.2.8 or later, or for versions 6.1 and 6.0, to 6.2.8 or later or 6.3.3 or later. Instructions for downloading the GlobalProtect App are available on the Palo Alto Networks support site.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

5.0

exploitability

3.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

5.7

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

5.0

exploitability

3.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

5.7

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability on Windows

Vulnerability

Impact

Remediation

Affected Products

OPSWAT MetaDefender Endpoint Security SDK

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating