vulnerability

Palo Alto Networks GlobalProtect App: CVE-2025-4232: GlobalProtect: Authenticated Code Injection Through Wildcard on macOS

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jun 11, 2025	Jun 12, 2025	Nov 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 11, 2025

Added

Jun 12, 2025

Modified

Nov 11, 2025

Description

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

Solution

palo-alto-networks-globalprotect-app-upgrade-latest

References

URL-https://security.paloaltonetworks.com/json/CVE-2025-4232
CVE-2025-4232
https://attackerkb.com/topics/CVE-2025-4232
CWE-155

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today