vulnerability
Palo Alto Networks GlobalProtect App: CVE-2019-17435: Local Privilege Escalation in GlobalProtect App for Windows
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:P/A:N) | Oct 15, 2019 | May 21, 2025 | Nov 3, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 15, 2019
Added
May 21, 2025
Modified
Nov 3, 2025
Description
A Local Privilege Escalation vulnerability exists in the GlobalProtect App for Windows auto-update feature that can allow for modification of a GlobalProtect App MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
This issue affects GlobalProtect App 5.0.3 and earlier for Windows and GlobalProtect App 4.1.12 and earlier for Windows.
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
This issue affects GlobalProtect App 5.0.3 and earlier for Windows and GlobalProtect App 4.1.12 and earlier for Windows.
Solution
palo-alto-networks-globalprotect-app-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.