Palo Alto Security Center, the day before yesterday 05:45
CVE-2025-2179 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App (Severity: MEDIUM)

 

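The Palo Alto Networks GlobalProtect App on Linux has a vulnerability (CVE-2025-2179) that lets a non-administrative user disable the app. It stems from incorrect privilege assignment and allows a locally authenticated non-administrative user, under a specific configuration, to disable the GlobalProtect app even though the configuration does not permit it. The issue affects the Linux GlobalProtect App in versions 6.2.0 through 6.2.8, 6.1.0 and later, and 6.0.0 and later. The Windows, macOS, iOS, Android, Chrome OS and UWP versions are not affected. Users need to upgrade the Linux GlobalProtect App to 6.2.9 or later to fix the vulnerability. Palo Alto Networks has so far found no sign of malicious exploitation of this issue.

🛡️ **Vulnerability overview**: CVE-2025-2179 states that the Linux version of the Palo Alto Networks GlobalProtect App has an incorrect privilege assignment vulnerability that allows a locally authenticated non-administrative user to disable the application, which is not what the normal configuration permits.

💻 **Affected versions and platforms**: The vulnerability affects only the GlobalProtect App on Linux devices, specifically versions 6.2.0 through 6.2.8, 6.1.0 and later, and 6.0.0 and later. The Windows, macOS, iOS, Android, Chrome OS and UWP versions are not affected.

⚙️ **Conditions for exposure**: Users are exposed when GlobalProtect is configured with the connect method "Every time the user logs on to the machine (Always On)" and the "Allow User to Disable GlobalProtect" option is set to "Disallow" or "Allow with Passcode".

✅ **Solution and fix**: Affected users are advised to upgrade the Linux GlobalProtect App to 6.2.9 or later immediately to eliminate this risk. No other workaround or mitigation is currently available.

⚠️ **Risk and status**: The vulnerability is rated MEDIUM severity, with a suggested urgency of MODERATE. Palo Alto Networks is not currently aware of any reports of malicious exploitation of this vulnerability.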


CVE-2025-2179 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App

Exploit Maturity: UNREPORTED
Response Effort: MODERATE
Recovery: USER
Value Density: DIFFUSE
Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Automatable: NO
User Interaction: NONE
Product Confidentiality: NONE
Product Integrity: NONE
Product Availability: HIGH
Privileges Required: LOW
Subsequent Confidentiality: NONE
Subsequent Integrity: NONE
Subsequent Availability: NONE

Description

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so.

The GlobalProtect app on Windows, macOS, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Product Status

Required Configuration for Exposure

You are vulnerable to this issue if you have GlobalProtect configured with both of the following configurations:

  • Connect method set to 'Every time the user logs on to the machine (Always On)'
  • 'Allow User to Disable GlobalProtect' set to either Disallow or 'Allow with Passcode'

You can verify if these configurations are enabled by either

  • Navigating to GlobalProtect > App Settings - GlobalProtect on the Strata Cloud Manager, OR
  • Navigating to Network > GlobalProtect > Portals > Agent on Panorama or PAN-OS management web interface for directly-managed devices.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 4.3 / CVSS-B: 6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-266: Incorrect Privilege Assignment

CAPEC-578 Disable Security Software

Solution

| Version | Minor Version | Suggested Solution |
| --- | --- | --- |
| GlobalProtect App 6.2 on Linux | 6.2.0 through 6.2.8 | Upgrade to 6.2.9 or later. |
| GlobalProtect App 6.1 on Linux | | Upgrade to 6.2.9 or later. |
| GlobalProtect App 6.0 on Linux | | Upgrade to 6.2.9 or later. |
| GlobalProtect App on Android, ChromeOS, iOS, macOS, Windows | | No action needed. |

Workarounds and Mitigations

No workaround or mitigation is available.

Acknowledgments

Palo Alto Networks thanks Alex Bourla and Graham Brereton (graham.brereton@form3.tech) for discovering and reporting this issue.

CPEs

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.7:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.6:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.5:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.4:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.3:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.2:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.1:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.0:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*

cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*

CPE Applicability

  • cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:* is vulnerable from (including) 6.2.0 and up to (excluding) 6.2.9
  • OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:* is vulnerable from (including) 6.1.0
  • OR cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:* is vulnerable from (including) 6.0.0
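
The version ranges and the required configuration above can be applied to an endpoint inventory for upgrade triage. This is an added example, not code from the advisory or from Palo Alto Networks; the record layout, the host names and the "Allow" setting value are constructed, and the version string is assumed to come from your own package inventory.

```python
import re

# Ranges and setting labels are taken from the advisory text.
FIXED = (6, 2, 9)            # first fixed Linux release
FIRST_AFFECTED = (6, 0, 0)   # oldest release line the advisory lists
ALWAYS_ON = "Every time the user logs on to the machine (Always On)"
RESTRICTED = {"Disallow", "Allow with Passcode"}

def parse_version(text):
    """'6.2.8' or '6.2.8-223' -> (6, 2, 8); any build suffix is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def version_status(text):
    """Classify a Linux app version against the advisory's ranges."""
    v = parse_version(text)
    if v >= FIXED:
        return "fixed"
    if v >= FIRST_AFFECTED:
        return "affected"    # all of 6.0.x, 6.1.x and 6.2.0-6.2.8
    return "not-listed"      # older than anything the advisory covers

def assess(os_name, version, connect_method, allow_disable):
    """Triage label for one endpoint (hypothetical record layout)."""
    if os_name.lower() != "linux":
        return "not-affected"    # only the Linux app is affected
    status = version_status(version)
    if status != "affected":
        return status
    exposed = connect_method == ALWAYS_ON and allow_disable in RESTRICTED
    # Both labels still need the upgrade; "exposed" hosts go first.
    return "exposed" if exposed else "affected-version"

def triage(inventory):
    return {host: assess(*fields) for host, *fields in inventory}

# Constructed sample inventory: (host, os, version, connect method, allow-disable).
INVENTORY = [
    ("lin-01", "Linux", "6.2.8-223", ALWAYS_ON, "Disallow"),
    ("lin-02", "Linux", "6.1.4", ALWAYS_ON, "Allow"),
    ("lin-03", "Linux", "6.2.9", ALWAYS_ON, "Disallow"),
    ("mac-01", "macOS", "6.2.4", ALWAYS_ON, "Disallow"),
]

if __name__ == "__main__":
    for host, label in triage(INVENTORY).items():
        print(host, label)
```
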

Timeline

Initial Publication
