Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-gg8q-gxm4-v22c

Опубликовано: 11 апр. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 7.1
CVSS3: 7

Описание

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Ссылки

EPSS

Процентиль: 4%
0.0002
Низкий

7.1 High

CVSS4

7 High

CVSS3

CVE ID

CVE-2025-0120

Дефекты

CWE-250

Связанные уязвимости

nvd логотип

CVE-2025-0120

CVSS3: 7
nvd
4 месяца назад

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

fstec логотип

BDU:2025-09221

CVSS3: 7.8
fstec
4 месяца назад

Уязвимость программного средства для обеспечения безопасного удаленного доступа к данным Palo Alto Networks GlobalProtect App, связанная с ошибками при управлении привилегиями, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 4%
0.0002
Низкий

7.1 High

CVSS4

7 High

CVSS3

CVE ID

CVE-2025-0120

Дефекты

CWE-250