Detections
Analytics

Palo Alto GlobalProtect App Windows 6.0.x < 6.0.11 / 6.1.x < 6.1.6 / 6.2.x < 6.2.5 / 6.3.x < 6.3.3 Execution of Unsafe ActiveX Control (CVE-2025-0118)

high Nessus Plugin ID 232701

Synopsis

A VPN client installed on remote Windows host is affected by a remote command execution vulnerability.

Description

The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.6, 6.2.x prior to 6.2.5, or 6.3.x prior to 6.3.3. It is, therefore, affected by a remote command execution vulnerability:

 - A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms. (CVE-2025-0118)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Palo Alto GlobalProtect App version 6.0.11, 6.1.6, 6.2.5, 6.3.3 or later

See Also

https://security.paloaltonetworks.com/CVE-2025-0118

Plugin Details

Severity: High

ID: 232701

File Name: palo_alto_globalprotect_CVE-2025-0118.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 3/13/2025

Updated: 3/13/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: High

Base Score: 7.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:C

CVSS Score Source: CVE-2025-0118

CVSS v3

Risk Factor: High

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H

Vulnerability Information

CPE: cpe:/a:paloaltonetworks:globalprotect

Required KB Items: SMB/Registry/Enumerated, installed_sw/Palo Alto GlobalProtect Agent

Patch Publication Date: 3/12/2025

Vulnerability Publication Date: 3/12/2025

Reference Information

CVE: CVE-2025-0118

IAVA: 2025-A-0166