{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0120", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-12-20T23:23:21.499Z", "datePublished": "2025-04-11T01:44:48.253Z", "dateUpdated": "2025-05-02T19:08:27.987Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "platforms": ["Windows"], "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "6.3.3", "status": "unaffected"}], "lessThan": "6.3.3", "status": "affected", "version": "6.3.0", "versionType": "custom"}, {"changes": [{"at": "6.2.8", "status": "unaffected"}, {"at": "6.2.7-1077", "status": "unaffected"}], "lessThan": "6.2.8", "status": "affected", "version": "6.2.0", "versionType": "custom"}, {"status": "affected", "version": "6.1.0", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "versionType": "custom"}]}, {"cpes": ["cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "platforms": ["macOS", "Linux", "iOS", "Android", "Chrome OS"], "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GlobalProtect UWP App", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue."}], "value": "No special configuration is required to be affected by this issue."}], "credits": [{"lang": "en", "type": "finder", "value": "Maxime ESCOURBIAC, Michelin CERT"}, {"lang": "en", "type": "finder", "value": "Yassine BENGANA, Abicom for Michelin CERT"}], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit."}], "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY/SYSTEM."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-05-02T19:08:27.987Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-0120"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows</td><td>Upgrade to 6.3.3 or later</td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.7-1077 or 6.2.8 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on macOS</td><td>No action needed</td></tr><tr><td>GlobalProtect App on Linux</td><td>No action needed</td></tr><tr><td>GlobalProtect App on iOS</td><td>No action needed</td></tr><tr><td>GlobalProtect App on Android</td><td>No action needed</td></tr><tr><td>GlobalProtect UWP App</td><td>No action needed</td></tr></tbody></table>"}], "value": "Version\nSuggested Solution\nGlobalProtect App 6.3 on WindowsUpgrade to 6.3.3 or laterGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.7-1077 or 6.2.8 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.8 or later or upgrade to 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.8 or later or upgrade to 6.3.3 or later\nGlobalProtect App on macOSNo action neededGlobalProtect App on LinuxNo action neededGlobalProtect App on iOSNo action neededGlobalProtect App on AndroidNo action neededGlobalProtect UWP AppNo action needed"}], "source": {"defect": ["GPC-19862", "GPC-19858"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2025-05-02T19:00:00.000Z", "value": "Updated the fix version for 6.2.7"}], "title": "GlobalProtect App: Local Privilege Escalation (PE) Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No workaround or mitigation is available."}], "value": "No workaround or mitigation is available."}], "x_affectedList": ["GlobalProtect App 6.3.2", "GlobalProtect App 6.3.1", "GlobalProtect App 6.3.0", "GlobalProtect App 6.3", "GlobalProtect App 6.2.7", "GlobalProtect App 6.2.6", "GlobalProtect App 6.2.4", "GlobalProtect App 6.2.3", "GlobalProtect App 6.2.2", "GlobalProtect App 6.2.1", "GlobalProtect App 6.2.0", "GlobalProtect App 6.2"], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T15:47:44.551607Z", "id": "CVE-2025-0120", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:02:44.112Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-11T15:47:44.551607Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T15:47:53.865Z"}}], "cna": {"title": "GlobalProtect App: Local Privilege Escalation (PE) Vulnerability", "source": {"defect": ["GPC-19862", "GPC-19858"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Maxime ESCOURBIAC, Michelin CERT"}, {"lang": "en", "type": "finder", "value": "Yassine BENGANA, Abicom for Michelin CERT"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7.1, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "A local Windows user (or malware) with non-administrative rights elevates their privileges to NT AUTHORITY/SYSTEM."}]}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "GlobalProtect App", "versions": [{"status": "affected", "changes": [{"at": "6.3.3", "status": "unaffected"}], "version": "6.3.0", "lessThan": "6.3.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "6.2.8", "status": "unaffected"}, {"at": "6.2.7-1077", "status": "unaffected"}], "version": "6.2.0", "lessThan": "6.2.8", "versionType": "custom"}, {"status": "affected", "version": "6.1.0", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "GlobalProtect App", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "platforms": ["macOS", "Linux", "iOS", "Android", "Chrome OS"], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "GlobalProtect UWP App", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2025-05-02T19:00:00.000Z", "value": "Updated the fix version for 6.2.7"}], "solutions": [{"lang": "eng", "value": "Version\nSuggested Solution\nGlobalProtect App 6.3 on WindowsUpgrade to 6.3.3 or laterGlobalProtect App 6.2 on Windows\nUpgrade to 6.2.7-1077 or 6.2.8 or later\nGlobalProtect App 6.1 on Windows\nUpgrade to 6.2.8 or later or upgrade to 6.3.3 or later\nGlobalProtect App 6.0 on Windows\nUpgrade to 6.2.8 or later or upgrade to 6.3.3 or later\nGlobalProtect App on macOSNo action neededGlobalProtect App on LinuxNo action neededGlobalProtect App on iOSNo action neededGlobalProtect App on AndroidNo action neededGlobalProtect UWP AppNo action needed", "supportingMedia": [{"type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>GlobalProtect App 6.3 on Windows</td><td>Upgrade to 6.3.3 or later</td></tr><tr><td>GlobalProtect App 6.2 on Windows<br></td><td>Upgrade to 6.2.7-1077 or 6.2.8 or later<br></td></tr><tr><td>GlobalProtect App 6.1 on Windows<br></td><td>Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App 6.0 on Windows<br></td><td>Upgrade to 6.2.8 or later or upgrade to 6.3.3 or later<br></td></tr><tr><td>GlobalProtect App on macOS</td><td>No action needed</td></tr><tr><td>GlobalProtect App on Linux</td><td>No action needed</td></tr><tr><td>GlobalProtect App on iOS</td><td>No action needed</td></tr><tr><td>GlobalProtect App on Android</td><td>No action needed</td></tr><tr><td>GlobalProtect UWP App</td><td>No action needed</td></tr></tbody></table>", "base64": false}]}], "datePublic": "2025-04-09T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0120", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "No workaround or mitigation is available.", "supportingMedia": [{"type": "text/html", "value": "No workaround or mitigation is available.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "configurations": [{"lang": "en", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "No special configuration is required to be affected by this issue.", "base64": false}]}], "x_affectedList": ["GlobalProtect App 6.3.2", "GlobalProtect App 6.3.1", "GlobalProtect App 6.3.0", "GlobalProtect App 6.3", "GlobalProtect App 6.2.7", "GlobalProtect App 6.2.6", "GlobalProtect App 6.2.4", "GlobalProtect App 6.2.3", "GlobalProtect App 6.2.2", "GlobalProtect App 6.2.1", "GlobalProtect App 6.2.0", "GlobalProtect App 6.2"], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-05-02T19:08:27.987Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0120", "state": "PUBLISHED", "dateUpdated": "2025-05-02T19:08:27.987Z", "dateReserved": "2024-12-20T23:23:21.499Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-04-11T01:44:48.253Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B6E8BBD7-AE9C-4708-BCE5-805250956365", "versionEndExcluding": "6.0.12", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5C174DAD-5FAC-4815-B1D6-34E18903EA0D", "versionEndExcluding": "6.2.7-1077", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3A842EBF-EA01-4D05-96C5-7F2061951423", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit."}, {"lang": "es", "value": " Una vulnerabilidad con un mecanismo de administraci\u00f3n de privilegios en la aplicaci\u00f3n Palo Alto Networks GlobalProtect\u2122 en dispositivos Windows permite que un usuario de Windows no administrativo autenticado localmente escale sus privilegios a NT AUTHORITY\\SYSTEM. Sin embargo, la ejecuci\u00f3n requiere que el usuario local tambi\u00e9n pueda explotar con \u00e9xito una condici\u00f3n de ejecuci\u00f3n, lo que hace que esta vulnerabilidad sea dif\u00edcil de explotar."}], "id": "CVE-2025-0120", "lastModified": "2025-06-27T16:51:19.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-04-11T02:15:18.197", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-0120"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{}