CVE-2025-0131

GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Remediation

Solution:

  • This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows, update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):

    Version                             Suggested Solution
    GlobalProtect App 6.3 on Windows    Upgrade to 6.3.3 or later
    GlobalProtect App 6.2 on Windows    Upgrade to 6.2.8 or later
    GlobalProtect App 6.1 on Windows    Upgrade to 6.2.8 or later or 6.3.3 or later
    GlobalProtect App 6.0 on Windows    Upgrade to 6.2.8 or later or 6.3.3 or later
    GlobalProtect App on macOS          Not applicable
    GlobalProtect App on Linux          Not applicable
    GlobalProtect App on iOS            Not applicable
    GlobalProtect App on Android        Not applicable
    GlobalProtect UWP App               Not applicable

Workaround:

  • No known workarounds or mitigations exist for this issue.
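
To apply the Solution's version guidance across a fleet, the following added example (not from the advisory or either vendor) classifies GlobalProtect installs from an inventory export. The inventory rows, host names, build suffixes and the `triage` and `report` helpers are constructed for illustration; branches the advisory does not list are reported as such rather than guessed.

```python
import re

# Fixed releases per branch, taken from the advisory's Solution guidance.
FIXED = {(6, 3): (6, 3, 3), (6, 2): (6, 2, 8)}
# Branches with no in-branch fix: the advisory points them to 6.2.8+ or 6.3.3+.
MIGRATE = {(6, 1), (6, 0)}
# Platforms the advisory marks "Not applicable".
NOT_APPLICABLE = {"macos", "linux", "ios", "android", "uwp"}


def parse_version(text):
    """Return (major, minor, patch) from strings like '6.2.4-652' or '6.3'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(platform, version):
    """Classify one GlobalProtect install against the advisory's guidance."""
    plat = platform.lower()
    if plat in NOT_APPLICABLE:
        return "not applicable"
    if plat != "windows":
        return "not listed"
    v = parse_version(version)
    branch = v[:2]
    if branch in MIGRATE:
        return "upgrade to 6.2.8 or later, or 6.3.3 or later"
    if branch in FIXED:
        fixed = FIXED[branch]
        # Integer tuple comparison, so 6.2.10 correctly sorts after 6.2.8.
        if v >= fixed:
            return "fixed"
        return "upgrade to " + ".".join(map(str, fixed)) + " or later"
    return "not listed"  # branch not covered by the advisory


# Constructed inventory rows (host, platform, version) for illustration only.
INVENTORY = [
    ("ws-001", "Windows", "6.3.2-525"),
    ("ws-002", "Windows", "6.2.10"),
    ("ws-003", "Windows", "6.1.5"),
    ("mb-004", "macOS", "6.2.1"),
]


def report(rows):
    """Map each host to its triage verdict."""
    return {host: triage(plat, ver) for host, plat, ver in rows}


if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host}: {verdict}")
```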

Category

CVSS 4.0 score: 7.1
Severity: High
EPSS: 0.01%
Vendor Advisory: opswat.com
Affected: OPSWAT MetaDefender Endpoint Security SDK

Frequently Asked Questions

What is the severity of CVE-2025-0131?
CVE-2025-0131 has been scored as a high severity vulnerability.
How to fix CVE-2025-0131?
To fix CVE-2025-0131: This issue is fixed in MetaDefender Endpoint Security SDK 4.3.4451 on Windows, and all later MetaDefender Endpoint Security SDK versions on Windows. To mitigate this issue in the GlobalProtect App on Windows, update to one of the listed versions (these versions include the updated MetaDefender Endpoint Security SDK):

    Version                             Suggested Solution
    GlobalProtect App 6.3 on Windows    Upgrade to 6.3.3 or later
    GlobalProtect App 6.2 on Windows    Upgrade to 6.2.8 or later
    GlobalProtect App 6.1 on Windows    Upgrade to 6.2.8 or later or 6.3.3 or later
    GlobalProtect App 6.0 on Windows    Upgrade to 6.2.8 or later or 6.3.3 or later
    GlobalProtect App on macOS          Not applicable
    GlobalProtect App on Linux          Not applicable
    GlobalProtect App on iOS            Not applicable
    GlobalProtect App on Android        Not applicable
    GlobalProtect UWP App               Not applicable

Is CVE-2025-0131 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2025-0131 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0131?
CVE-2025-0131 affects OPSWAT MetaDefender Endpoint Security SDK.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.