{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0131", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-12-20T23:23:31.911Z", "datePublished": "2025-05-14T18:06:45.870Z", "dateUpdated": "2026-02-26T18:28:08.560Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "MetaDefender Endpoint Security SDK", "vendor": "OPSWAT", "versions": [{"changes": [{"at": "4.3.4451", "status": "unaffected"}], "lessThan": "4.3.4451", "status": "affected", "version": "4.3.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue."}], "value": "No special configuration is required to be affected by this issue."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opswat:metadefender_endpoint_security_sdk:*:*:windows:*:*:*:*:*", "versionEndExcluding": "4.3.4451", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK."}], "datePublic": "2025-05-14T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."}], "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-05-21T21:11:37.004Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-0131"}, {"tags": ["vendor-advisory"], "url": "https://www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):<br><table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows</td><td>Upgrade to 6.3.3 or later</td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.8 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.8 or later or 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.8 or later or 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on macOS</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on Linux</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on iOS</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on Android</td><td>Not applicable</td></tr><tr><td>GlobalProtect UWP App</td><td>Not applicable</td></tr></tbody></table>"}], "value": "This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):\nVersion\nSuggested Solution\nGlobalProtect App 6.3 on WindowsUpgrade to 6.3.3 or laterGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.8 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App on macOSNot applicableGlobalProtect App on LinuxNot applicableGlobalProtect App on iOSNot applicableGlobalProtect App on AndroidNot applicableGlobalProtect UWP AppNot applicable"}], "source": {"defect": ["GPC-21984"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-05-14T16:00:00.000Z", "value": "Initial Publication"}], "title": "GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No known workarounds or mitigations exist for this issue."}], "value": "No known workarounds or mitigations exist for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0131", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-17T03:56:04.216714Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:28:08.560Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0131", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T20:52:21.502631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T20:52:26.477Z"}}], "cna": {"title": "GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK", "source": {"defect": ["GPC-21984"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7.1, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OPSWAT", "product": "MetaDefender Endpoint Security SDK", "versions": [{"status": "affected", "changes": [{"at": "4.3.4451", "status": "unaffected"}], "version": "4.3.0", "lessThan": "4.3.4451", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-05-14T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "eng", "value": "This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):\nVersion\nSuggested Solution\nGlobalProtect App 6.3 on WindowsUpgrade to 6.3.3 or laterGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.8 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.8 or later or 6.3.3 or later\nGlobalProtect App on macOSNot applicableGlobalProtect App on LinuxNot applicableGlobalProtect App on iOSNot applicableGlobalProtect App on AndroidNot applicableGlobalProtect UWP AppNot applicable", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):<br><table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows</td><td>Upgrade to 6.3.3 or later</td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.8 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.8 or later or 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.8 or later or 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on macOS</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on Linux</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on iOS</td><td>Not applicable</td></tr><tr><td>GlobalProtect App on Android</td><td>Not applicable</td></tr><tr><td>GlobalProtect UWP App</td><td>Not applicable</td></tr></tbody></table>", "base64": false}]}], "datePublic": "2025-05-14T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0131", "tags": ["third-party-advisory"]}, {"url": "https://www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "No known workarounds or mitigations exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "No known workarounds or mitigations exist for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.", "supportingMedia": [{"type": "text/html", "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "configurations": [{"lang": "en", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "No special configuration is required to be affected by this issue.", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opswat:metadefender_endpoint_security_sdk:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.3.4451", "versionStartIncluding": "4.3.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-05-21T21:11:37.004Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0131", "state": "PUBLISHED", "dateUpdated": "2025-05-21T21:11:37.004Z", "dateReserved": "2024-12-20T23:23:31.911Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-05-14T18:06:45.870Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit."}, {"lang": "es", "value": "Una vulnerabilidad de gesti\u00f3n incorrecta de privilegios en el SDK de seguridad de endpoints OPSWAT MetaDefender, utilizado por la aplicaci\u00f3n GlobalProtect\u2122 de Palo Alto Networks en dispositivos Windows, permite que un usuario de Windows no administrativo autenticado localmente escale sus privilegios a NT AUTHORITY\\SYSTEM. Sin embargo, la ejecuci\u00f3n requiere que el usuario local tambi\u00e9n explote con \u00e9xito una condici\u00f3n de carrera, lo que dificulta la explotaci\u00f3n de esta vulnerabilidad."}], "id": "CVE-2025-0131", "lastModified": "2025-05-16T14:43:56.797", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:X/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-05-14T19:15:51.233", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2025-0131"}, {"source": "psirt@paloaltonetworks.com", "url": "https://www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{}