CVE-2025-2183
GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
| CWE | CWE-295 |
| Vendor | palo alto networks |
| Product | globalprotect app |
| Published | Aug 13, 2025 |
| Last Updated | Feb 26, 2026 |
Affected Versions
| Palo Alto Networks / GlobalProtect App | 6.3.0 < 6.3.3-h2 (6.3.3-c676), 6.2.0 < 6.2.8-h3 (6.2.8-c263), 6.1.0, 6.0.0 |
| Palo Alto Networks / GlobalProtect App | 6.3.0 < 6.3.3, 6.2.0 < 11.1.10, 6.1.0, 6.0.0 |
| Palo Alto Networks / GlobalProtect App | All versions affected |
| Palo Alto Networks / Global Protect UWP App | All versions affected |
Credits
Nikola Markovic of Palo Alto Networks
Maxime Escorbiac of Michelin CERT