CVE-2025-0135

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on macOS devices enables a locally authenticated non administrative user to disable the app.

The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
palo_altoCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2025-0135