/
CVE-2025-0135CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
Exploit MaturityUNREPORTED
Response EffortMODERATE
RecoveryUSER
Value DensityDIFFUSE
Attack VectorLOCAL
Attack ComplexityLOW
Attack RequirementsNONE
AutomatableNO
User InteractionPASSIVE
Product ConfidentialityNONE
Product IntegrityLOW
Product AvailabilityHIGH
Privileges RequiredLOW
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE
Description
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app.
The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Product Status
Required Configuration for Exposure
No special configuration is required to be vulnerable to this issue.
Severity:LOW, Suggested Urgency:MODERATE
CVSS-BT:1.8 /CVSS-B:5.2 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-266: Incorrect Privilege Assignment
CAPEC-578 Disable Security Software
Solution
| Version | Suggested Solution |
|---|---|
| GlobalProtect App 6.3 on macOS | Upgrade to 6.3.3 or later |
| GlobalProtect App 6.2 on macOS | Upgrade to 6.2.8 or later |
| GlobalProtect App 6.1 on macOS | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App 6.0 on macOS | Upgrade to 6.2.8 or later or 6.3.3 or later |
| GlobalProtect App on Linux | Not Applicable |
| GlobalProtect App on Windows | Not Applicable |
| GlobalProtect App on iOS | Not Applicable |
| GlobalProtect App on Android | Not Applicable |
| GlobalProtect UWP App | Not Applicable |
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
Palo Alto Networks thanks Alex Bourla (alex.bourla@form3.tech) and Graham Brereton (graham.brereton@form3.tech) for discovering and reporting the issue.
CPEs
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*
Timeline
Initial Publication
