CVE-2025-4232

UNKNOWN 0.0

GlobalProtect: Authenticated Code Injection Through Wildcard on macOS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

CWE	CWE-155
Vendor	palo alto networks
Product	globalprotect app
Published	Jun 12, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for palo alto networks globalprotect app

Be the first to know when new unknown vulnerabilities affecting palo alto networks globalprotect app are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / GlobalProtect App

6.3 < 6.3.3 6.2.0 < 6.2.8-h2 6.1.0 6.0.0

Palo Alto Networks / GlobalProtect App

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2025-4232

Credits

Rutger Flohil