Palo Alto GlobalProtect App Linux Privilege Assignment Vulnerability (CVE-2025-2179)

Critical Vulnerability Information Vulnerability Overview CVE ID: CVE-2025-2179 Vulnerability Name: GlobalProtect App: Non Admin User Can Disable the GlobalProtect App Severity: MEDIUM (4.3) Urgency: MODERATE Affected Scope Affected Versions: - GlobalProtect App 6.2 on Linux: < 6.2.9 - GlobalProtect App 6.1 on Linux: All versions - GlobalProtect App 6.0 on Linux: All versions Unaffected Versions: - GlobalProtect App on Android, Chrome OS, iOS, Windows, macOS - GlobalProtect UWP App Vulnerability Description Issue: A flawed privilege assignment vulnerability exists in Palo Alto Networks' GlobalProtect App, allowing a locally authenticated non-admin user to disable the application, even when GlobalProtect app configuration typically prevents them from doing so. Platform: Affects only GlobalProtect App on Linux devices. Configuration Requirements Vulnerable Configurations: 1. Connection method set to "Always On" (connects every time user logs into the machine) 2. "Allow user to disable GlobalProtect" set to "Allow" or "Allow with password" Threat Type and Impact CWE ID: CWE-266: Incorrect Privilege Assignment CAPEC ID: CAPEC-578 Disable Security Software Solution Recommended Upgrade: - GlobalProtect App 6.2 on Linux: Upgrade to 6.2.9 or later - GlobalProtect App 6.1 on Linux: Upgrade to 6.2.6 or later - GlobalProtect App 6.0 on Linux: Upgrade to 6.2.8 or later Timeline Release Date: 2025-07-29 Acknowledgments Discoverers: Alex Boulia and Graham Brebneron (graham.brebneron@form3.tech) CPE Applicability cpe:2.3:a:palo_alto_networks:globalprotect_app::::::linux::*

Goal Reached Thanks to every supporter — we hit 100%!

Palo Alto GlobalProtect App Linux Privilege Assignment Vulnerability (CVE-2025-2179)