CVE-2025-0131
HIGHPalo Alto Networks GlobalProtect - Privilege Escalation
Title source: llmDescription
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://security.paloaltonetworks.com/CVE-2025-0131
Various Sources vendor-advisory
https://www.opswat.com/docs/mdsdk/release-notes/cve-2025-0131
Scores
CVSS v4
7.1
EPSS
0.0013
EPSS Percentile
3.0%
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
Status
published
Products (1)
OPSWAT/MetaDefender Endpoint Security SDK
4.3.0 - 4.3.4451
Published
May 14, 2025
Tracked Since
Feb 18, 2026