CVE-2025-0117 Information

Description

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM.

GlobalProtect App on macOS Linux iOS Android Chrome OS and GlobalProtect UWP App are not affected.

Reference

https://security.paloaltonetworks.com/CVE-2025-0117