CVE-2025-0131: GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

7.1 CVSS

Description

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.

Classification

CVE ID: CVE-2025-0131

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/U:Amber

Problem Types

CWE-266: Incorrect Privilege Assignment

Affected Products

Vendor: OPSWAT

Product: MetaDefender Endpoint Security SDK

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.58% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-12 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0131
https://security.paloaltonetworks.com/CVE-2025-0131

Timeline