An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
Fixes

Solution

No solution given by the vendor.


Workaround

There are no known workarounds or mitigations for this issue.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00013}

epss

{'score': 0.00015}


Thu, 10 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 23:15:00 +0000

Type Values Removed Values Added
Description An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
Title Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability
Weaknesses CWE-266
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber'}


cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2025-08-13T19:44:49.218Z

Reserved: 2024-12-20T23:24:42.333Z

Link: CVE-2025-0139

cve-icon Vulnrichment

Updated: 2025-07-10T19:59:34.385Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T23:15:24.150

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-0139

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.