CVE-2025-0118

12.03.2025, 19:15

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device.

This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
palo_alto	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Common Weakness Enumeration

CWE-618 - Exposed Unsafe ActiveX Method
An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain).

References

https://security.paloaltonetworks.com/CVE-2025-0118