CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM) - #CVE-2025-0120
A significant vulnerability (CVE-2025-0120) has been discovered in the Palo Alto Networks GlobalProtect™ app for Windows, allowing local non-administrative users to escalate privileges to NT AUTHORITY\SYSTEM level. This security flaw, which exploits a race condition, affects various versions of the app but does not impact other operating systems. Palo Alto Networks has responded by recommending specific version upgrades for different series of the app, as no alternative workarounds or mitigations are currently available. The vulnerability, rated as medium severity with moderate urgency, was identified by security researchers from Michelin CERT and Abicom. This discovery underscores the importance of prompt software updates and highlights the ongoing challenges in maintaining robust security measures for widely-used network protection tools.