CVE-2025-4232

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-4232

Configurations

No configuration.

History

16 Jun 2025, 12:32

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de neutralización incorrecta de comodines en la función de recopilación de registros de la aplicación Palo Alto Networks GlobalProtect™ en macOS permite que un usuario no administrativo aumente sus privilegios a root.

13 Jun 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-13 00:15

Updated : 2025-06-16 12:32

NVD link : CVE-2025-4232

Mitre link : CVE-2025-4232

CVE.ORG link : CVE-2025-4232

JSON object : View

Products Affected

No product.

CWE

CWE-155

Improper Neutralization of Wildcards or Matching Symbols

{"id": "CVE-2025-4232", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.5, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-13T00:15:23.697", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-4232", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-155"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect\u2122 app on macOS allows a non administrative user to escalate their privileges to root."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de comodines en la funci\u00f3n de recopilaci\u00f3n de registros de la aplicaci\u00f3n Palo Alto Networks GlobalProtect\u2122 en macOS permite que un usuario no administrativo aumente sus privilegios a root."}], "lastModified": "2025-06-16T12:32:18.840", "sourceIdentifier": "psirt@paloaltonetworks.com"}