{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-0131","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","dateReserved":"2024-12-20T23:23:31.911Z","datePublished":"2025-05-14T18:06:45.870Z","dateUpdated":"2026-02-26T18:28:08.560Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"MetaDefender Endpoint Security SDK","vendor":"OPSWAT","versions":[{"changes":[{"at":"4.3.4451","status":"unaffected"}],"lessThan":"4.3.4451","status":"affected","version":"4.3.0","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"No special configuration is required to be affected by this issue."}],"value":"No special configuration is required to be affected by this issue."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:opswat:metadefender_endpoint_security_sdk:*:*:windows:*:*:*:*:*","versionEndExcluding":"4.3.4451","versionStartIncluding":"4.3.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK."}],"datePublic":"2025-05-14T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. 
However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."}],"value":"An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-266","description":"CWE-266: Incorrect Privilege 
Assignment","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2025-05-21T21:11:37.004Z"},"references":[{"tags":["third-party-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2025-0131"},{"tags":["vendor-advisory"],"url":"https://www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):<br><table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows</td><td>Upgrade to 6.3.3 or later</td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.8 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.8 or later or 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.8 or later or 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on macOS</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on Linux</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on iOS</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on Android</td><td>Not applicable</td></tr><tr><td>GlobalProtect UWP App</td><td>Not applicable</td></tr></tbody></table>"}],"value":"This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. 
To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):\nVersion\nSuggested Solution\nGlobalProtect App 6.3 on Windows\nUpgrade to 6.3.3 or later\nGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.8 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App on macOS\nNot applicable\nGlobalProtect App on Linux\nNot applicable\nGlobalProtect App on iOS\nNot applicable\nGlobalProtect App on Android\nNot applicable\nGlobalProtect UWP App\nNot applicable"}],"source":{"defect":["GPC-21984"],"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2025-05-14T16:00:00.000Z","value":"Initial Publication"}],"title":"GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"No known workarounds or mitigations exist for this issue."}],"value":"No known workarounds or mitigations exist for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-0131","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-05-17T03:56:04.216714Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:28:08.560Z"}}]}}