The vulnerability, classified as an incorrect privilege assignment flaw, poses significant security risks for organizations relying on the popular enterprise VPN solution.
The security flaw affects multiple versions of the GlobalProtect app across Windows, macOS, and Linux platforms, allowing non-administrative users who already have local access to a system to gain complete administrative control.
This type of privilege escalation attack could enable malicious actors to install software, modify system configurations, access sensitive data, or establish persistent backdoors on compromised systems.
The vulnerability has been assigned a CVSS score of 5.7 under the base temporal scoring system and 8.4 under the base scoring system, indicating a medium severity level with moderate urgency for remediation.
Palo Alto Networks categorizes this as a CWE-426 Untrusted Search Path weakness, which typically involves applications loading resources from insecure locations that attackers can manipulate.
Notably, the GlobalProtect applications on iOS, Android, Chrome OS, and the GlobalProtect UWP app remain unaffected by this vulnerability. The company emphasizes that no special configuration is required for systems to be vulnerable, meaning all default installations of affected versions are at risk.
The vulnerability impacts several major versions of GlobalProtect. For version 6.3 users on macOS and Windows, systems running versions prior to 6.3.3-h1 (6.3.3-c650) are vulnerable and should upgrade immediately. Version 6.2 users on macOS and Windows need to update to 6.2.8-h2 (6.2.8-c243) or later, while Linux users should upgrade to version 6.2.8 or later, with the fix expected to be available by July 11, 2025.
All installations of GlobalProtect versions 6.1 and 6.0 across macOS, Windows, and Linux platforms are affected and require immediate upgrades to the latest patched versions. The company provides specific upgrade paths for each platform and version combination.
Palo Alto Networks explicitly states that no workarounds or mitigations are available for this vulnerability, making immediate software updates the only viable solution.
The company reports no known malicious exploitation of this issue in the wild, but organizations should prioritize patching efforts given the potential for privilege escalation attacks.
The vulnerability was discovered and reported by security researchers Alex Bourla and Graham Brereton, whom Palo Alto Networks has acknowledged for their responsible disclosure.
Organizations using GlobalProtect should implement the recommended updates as soon as possible to maintain their security posture.
Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now
The post Palo Alto Networks GlobalProtect Vulnerability Allows Root User Privilege Escalation appeared first on Cyber Security News.
Tension: Workers who once swore they’d quit have quietly returned to offices they said they’d…
Tension: We’ve automated productivity’s appearance while the actual problem—how humans work together and decide—remains untouched.…
Ubisoft’s mysterious Assassin’s Creed Hexe project seems to be going through a rough patch, as…
Concerns over allegations of excessive police force on February 20 when a Quakertown high school…
Less than an hour before showtime, eight Concord High School girls helped put tiny braids…
The rural character of the Kearsarge region defines almost every dimension of food access for…
This website uses cookies.