CVE-2025-0118
HIGHDescription
A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.
Is your site exposed to CVE-2025-0118?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| paloaltonetworks | globalprotect |
| paloaltonetworks | globalprotect |
| paloaltonetworks | globalprotect |
| paloaltonetworks | globalprotect |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-0118? +
How severe is CVE-2025-0118? +
What products are affected by CVE-2025-0118? +
How do I check if I'm vulnerable to CVE-2025-0118? +
Related Vulnerabilities
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS …
An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated …
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for …
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web …
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows …
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as …