CVE-2025-4227

EUVD-2025-18244

13.06.2025, 06:15

An improper access control vulnerability in the  Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement  feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.

An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.5 LOW	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
paloaltonetworks	globalprotect	6.0.0 ≤ 𝑥 < 6.2.8
paloaltonetworks	globalprotect	6.0.0 ≤ 𝑥 < 6.2.8
paloaltonetworks	globalprotect	6.3.0 ≤ 𝑥 < 6.3.3
paloaltonetworks	globalprotect	6.3.0 ≤ 𝑥 < 6.3.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://security.paloaltonetworks.com/CVE-2025-4227