CVE-2025-0118

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device.

This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.

Published: Mar 12, 2025
Updated: Jun 28, 2025
CVE: CVE-2025-0118
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
paloaltonetworks / globalprotect	6.2.0	6.2.5
paloaltonetworks / globalprotect	6.0.0	6.0.11
paloaltonetworks / globalprotect	6.1.0	6.1.6
paloaltonetworks / globalprotect	6.3.0	6.3.3

https://security.paloaltonetworks.com/CVE-2025-0118

Vulnerability Database

289,599

CVE-2025-0118