Vulnerability Details :

CVE-2025-2183

Summary
Assigner: palo_alto
Assigner Org ID: d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At: 13 Aug, 2025 | 17:05
Updated At: 16 Aug, 2025 | 03:55

GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor
Palo Alto Networks, Inc. (Palo Alto Networks)
Product
GlobalProtect App
CPEs
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8-c243:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.9:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.7:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.6:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.5:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.4:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.3:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.2:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.1:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.0:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Windows:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Windows:*:*
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 6.3.0 before 6.3.3-h2 (6.3.3-c676) (custom)
    • -> unaffected from 6.3.3-h2 (6.3.3-c676)
  • From 6.2.0 before 6.2.8-h3 (6.2.8-c263) (custom)
    • -> unaffected from 6.2.8-h3 (6.2.8-c263)
  • 6.1.0 (custom)
  • 6.0.0 (custom)
Vendor
Palo Alto Networks, Inc. (Palo Alto Networks)
Product
GlobalProtect App
CPEs
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8-c243:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.9:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.7:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.6:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.5:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.4:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.3:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.2:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.1:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.1.0:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*
  • cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • From 6.3.0 before 6.3.3 (custom)
    • -> unaffected from 6.3.3
  • From 6.2.0 before 11.1.10 (custom)
    • -> unaffected from 11.1.10
  • 6.1.0 (custom)
  • 6.0.0 (custom)
Vendor
Palo Alto Networks, Inc. (Palo Alto Networks)
Product
GlobalProtect App
Platforms
  • Android
  • iOS
  • macOS
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Vendor
Palo Alto Networks, Inc. (Palo Alto Networks)
Product
Global Protect UWP App
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Problem Types
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/U:Amber
Impacts
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions

Version (Minor Version): Suggested Solution
  • GlobalProtect App 6.3 on Windows (6.3.0 through 6.3.2): Upgrade to 6.3.2-h9 or 6.3.3-h2 or later*.
  • GlobalProtect App 6.2 on Windows (6.2.0 through 6.2.8): Upgrade to 6.2.8-h3 or later*.
  • GlobalProtect App 6.1 on Windows: Upgrade to 6.2.8-h3 or 6.3.3-h2 or later*.
  • GlobalProtect App 6.0 on Windows: Upgrade to 6.2.8-h3 or 6.3.3-h2 or later*.
  • GlobalProtect App 6.3 on Linux (6.3.0 through 6.3.2): Upgrade to 6.3.3 or later*.
  • GlobalProtect App 6.2 on Linux: Upgrade to 6.3.3 or later*.
  • GlobalProtect App 6.1 on Linux: Upgrade to 6.3.3 or later*.
  • GlobalProtect App 6.0 on Linux: Upgrade to 6.3.3 or later*.
  • GlobalProtect App on Android, iOS, macOS: No action needed.
  • GlobalProtect UWP App: No action needed.

* In addition to the software updates listed above, additional steps are required to protect against this vulnerability as described below:

Solution for new and existing GlobalProtect app installation on Windows / Linux
  • Ensure the portal/gateway certificate can be validated using the operating system's certificate store (e.g., Local Machine Certificate Store or Current User Certificate Store in Windows; for Linux, refer to this documentation: https://docs.paloaltonetworks.com/globalprotect/6-2/globalprotect-app-user-guide/globalprotect-app-for-linux/support-for-native-certificate-store-for-prisma-access-and-globalprotect-app ).
  • Remove any certificates associated with portal/gateway validation from the "Trusted Root CA" list on the Portal.
  • Enable portal setting: “Enable Strict Certificate Check” (set FULLCHAINCERTVERIFY to yes).

Configurations

GlobalProtect installations are impacted if either of the following conditions is true:
  1. The portal pushes certificates to the client, which are then used to validate the Portal or Gateway's certificate. These certificates are stored in the tca.cer ( https://knowledgebase.paloaltonetworks.com/KCSArticleDetail ) file. If the certificates listed in "Trusted Root CA" include the entire certificate chain for the Portal or Gateway certificate, the configuration will be vulnerable.
  2. GlobalProtect app is deployed with the “FULLCHAINCERTVERIFY” option set to yes. To learn more about this configuration, see the Solution section of this advisory: https://security.paloaltonetworks.com/CVE-2024-5921 .

Workarounds

No known workarounds exist for this issue.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

  • finder: Nikola Markovic of Palo Alto Networks
  • finder: Maxime Escorbiac of Michelin CERT
Timeline
Event: Initial Publication
Date: 2025-08-13 16:00:00
References
Hyperlink: https://security.paloaltonetworks.com/CVE-2025-2183
Resource: vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: psirt@paloaltonetworks.com
Published At: 13 Aug, 2025 | 17:15
Updated At: 13 Aug, 2025 | 17:33

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:X/U:Amber
Weaknesses
CWE ID: CWE-295
Type: Secondary
Source: psirt@paloaltonetworks.com
References
Hyperlink: https://security.paloaltonetworks.com/CVE-2025-2183
Source: psirt@paloaltonetworks.com
Resource: N/A

Similar CVEs

3 Records found

CVE-2024-5921
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-6 | MEDIUM
EPSS-0.13% / 33.55%
7 Day CHG~0.00%
Published-27 Nov, 2024 | 03:50
Updated-27 Jun, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-globalprotect, GlobalProtect App
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-5918
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.3 | MEDIUM
EPSS-0.06% / 18.22%
7 Day CHG~0.00%
Published-14 Nov, 2024 | 09:38
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Cloud NGFW, PAN-OS, Prisma Access
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-2033
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.3 | MEDIUM
EPSS-0.11% / 30.79%
7 Day CHG~0.00%
Published-10 Jun, 2020 | 17:29
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-globalprotect, GlobalProtect App
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-290
Authentication Bypass by Spoofing