CVE-2025-4232

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-4232	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paloaltonetworks:globalprotect::::::macos::*
	cpe:2.3:a:paloaltonetworks:globalprotect::::::macos::*

History

27 Jun 2025, 16:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~() https://security.paloaltonetworks.com/CVE-2025-4232 -~~	() https://security.paloaltonetworks.com/CVE-2025-4232 - Vendor Advisory
First Time		Paloaltonetworks globalprotect Paloaltonetworks
CPE		cpe:2.3:a:paloaltonetworks:globalprotect::::::macos::*

16 Jun 2025, 12:32

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de neutralización incorrecta de comodines en la función de recopilación de registros de la aplicación Palo Alto Networks GlobalProtect™ en macOS permite que un usuario no administrativo aumente sus privilegios a root.

13 Jun 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-13 00:15

Updated : 2025-06-27 16:47

NVD link : CVE-2025-4232

Mitre link : CVE-2025-4232

CVE.ORG link : CVE-2025-4232

JSON object : View

Products Affected

paloaltonetworks

globalprotect

CWE

CWE-155

Improper Neutralization of Wildcards or Matching Symbols

{"id": "CVE-2025-4232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.5, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-13T00:15:23.697", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-4232", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-155"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect\u2122 app on macOS allows a non administrative user to escalate their privileges to root."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de comodines en la funci\u00f3n de recopilaci\u00f3n de registros de la aplicaci\u00f3n Palo Alto Networks GlobalProtect\u2122 en macOS permite que un usuario no administrativo aumente sus privilegios a root."}], "lastModified": "2025-06-27T16:47:32.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "B2DE8243-7786-4D7C-A0CB-A3D3E44C9B26", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "EFAA1A23-5A3C-48FA-8672-D8329D67A14C", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}