CVE-2025-0131
GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.
| CWE | CWE-266 |
| Vendor | opswat |
| Product | metadefender endpoint security sdk |
| Published | May 14, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for opswat metadefender endpoint security sdk
Be the first to know when new unknown vulnerabilities affecting opswat metadefender endpoint security sdk are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
OPSWAT / MetaDefender Endpoint Security SDK
4.3.0 < 4.3.4451
References
Credits
Palo Alto Networks thanks Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom for Michelin CERT, and Sandro Poppi for discovering and reporting the issue. Palo Alto Networks thanks OPSWAT for remediating this issue in the MetaDefender Endpoint Security SDK.