

Anubis Backdoor Malware – Active IOCs
March 13, 2025
DarkCrystal RAT aka DCRat – Active IOCs
March 14, 2025
Severity
Medium
Analysis Summary
CVE-2025-0118 CVSS:6
A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device.
CVE-2025-0117 CVSS:7.1
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM.
CVE-2025-0116 CVSS:5.1
A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition cause the firewall to enter maintenance mode.
CVE-2025-0115 CVSS:6.8
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.
CVE-2025-0114 CVSS:8.2
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway.
Impact
- Denial of Service
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-0118
CVE-2025-0117
CVE-2025-0116
CVE-2025-0115
CVE-2025-0114
Affected Vendors
Affected Products
- Palo Alto GlobalProtect App 6.3 - 6.3.3
- Palo Alto GlobalProtect App 6.2 - 6.2.5
- Palo Alto GlobalProtect App 6.1 - 6.1.6
- Palo Alto GlobalProtect App 6.0 - 6.0.11
- Palo Alto PAN-OS 11.2 - 11.2.5
- Palo Alto PAN-OS 11.1 - 11.1.8
- Palo Alto PAN-OS 11.0 - 11.0.2 - 11.0.6
- Palo Alto PAN-OS 10.2 - 10.2.13-h5 - 10.2.14 - 10.2.11 - 10.2.5
- Palo Alto PAN-OS 10.1 - 10.1.14-h11
Remediation
Refer to the Palo Alto Networks Security Advisory for patch, upgrade, or suggested workaround information.