CVE-2025-2183

GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation

Description

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.

Remediation

Solution:

  • Version Minor Version Suggested Solution GlobalProtect App 6.3 on Windows 6.3.0 through 6.3.2 Upgrade to 6.3.2-h9 or 6.3.3-h2 or later*. GlobalProtect App 6.2 on Windows 6.2.0 through 6.2.8 Upgrade to 6.2.8-h3 or later*. GlobalProtect App 6.1 on WindowsUpgrade to 6.2.8-h3 or 6.3.3-h2 or later*. GlobalProtect App 6.0 on Windows Upgrade to 6.2.8-h3 or 6.3.3-h2 or later*. GlobalProtect App 6.3 on Linux 6.3.0 through 6.3.2 Upgrade to 6.3.3 or later*. GlobalProtect App 6.2 on LinuxUpgrade to 6.3.3 or later*.GlobalProtect App 6.1 on LinuxUpgrade to 6.3.3 or later*.GlobalProtect App 6.0 on LinuxUpgrade to 6.3.3 or later*.GlobalProtect App on Android, iOS, macOS No action needed.GlobalProtect UWP App No action needed. * In addition to the software updates listed above, additional steps are required to protect against this vulnerability as described below: Solution for new and existing GlobalProtect app installation on Windows / Linux * Ensure the portal/gateway certificate can be validated using the operating system's certificate store (e.g., Local Machine Certificate Store or Current User Certificate Store in Windows; for Linux, refer to this documentation https://docs.paloaltonetworks.com/globalprotect/6-2/globalprotect-app-user-guide/globalprotect-app-for-linux/support-for-native-certificate-store-for-prisma-access-and-globalprotect-app ). * Remove any certificates associated with portal/gateway validation from the "Trusted Root CA" list on the Portal.  * Enable portal setting: “Enable Strict Certificate Check” (set FULLCHAINCERTVERIFY to yes).

Workaround:

  • No known workarounds exist for this issue.

Category

5.3
CVSS
Severity: Medium
CVSS 4.0 •
EPSS 0.01%
Vendor Advisory paloaltonetworks.com
Affected: Palo Alto Networks GlobalProtect App
Affected: Palo Alto Networks GlobalProtect App
Affected: Palo Alto Networks GlobalProtect App
Affected: Palo Alto Networks Global Protect UWP App
Published at:
Updated at:

References

Link Tags
https://security.paloaltonetworks.com/CVE-2025-2183 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-2183?
CVE-2025-2183 has been scored as a medium severity vulnerability.
How to fix CVE-2025-2183?
To fix CVE-2025-2183: Version Minor Version Suggested Solution GlobalProtect App 6.3 on Windows 6.3.0 through 6.3.2 Upgrade to 6.3.2-h9 or 6.3.3-h2 or later*. GlobalProtect App 6.2 on Windows 6.2.0 through 6.2.8 Upgrade to 6.2.8-h3 or later*. GlobalProtect App 6.1 on WindowsUpgrade to 6.2.8-h3 or 6.3.3-h2 or later*. GlobalProtect App 6.0 on Windows Upgrade to 6.2.8-h3 or 6.3.3-h2 or later*. GlobalProtect App 6.3 on Linux 6.3.0 through 6.3.2 Upgrade to 6.3.3 or later*. GlobalProtect App 6.2 on LinuxUpgrade to 6.3.3 or later*.GlobalProtect App 6.1 on LinuxUpgrade to 6.3.3 or later*.GlobalProtect App 6.0 on LinuxUpgrade to 6.3.3 or later*.GlobalProtect App on Android, iOS, macOS No action needed.GlobalProtect UWP App No action needed. * In addition to the software updates listed above, additional steps are required to protect against this vulnerability as described below: Solution for new and existing GlobalProtect app installation on Windows / Linux * Ensure the portal/gateway certificate can be validated using the operating system's certificate store (e.g., Local Machine Certificate Store or Current User Certificate Store in Windows; for Linux, refer to this documentation https://docs.paloaltonetworks.com/globalprotect/6-2/globalprotect-app-user-guide/globalprotect-app-for-linux/support-for-native-certificate-store-for-prisma-access-and-globalprotect-app ). * Remove any certificates associated with portal/gateway validation from the "Trusted Root CA" list on the Portal.  * Enable portal setting: “Enable Strict Certificate Check” (set FULLCHAINCERTVERIFY to yes).
Is CVE-2025-2183 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-2183 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-2183?
CVE-2025-2183 affects Palo Alto Networks GlobalProtect App, Palo Alto Networks GlobalProtect App, Palo Alto Networks GlobalProtect App, Palo Alto Networks Global Protect UWP App.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.