Main Vulnerability Database Vulnerabilities #VU114078

#VU114078 Improper Certificate Validation in GlobalProtect app - CVE-2025-2183

Published: August 14, 2025

Vulnerability identifier: #VU114078

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-2183

CWE-ID: CWE-295

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
GlobalProtect app

Software vendor:
Palo Alto Networks, Inc.

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper certificate validation. A remote attacker on the local network can install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.

Remediation

Install updates from vendor's website.

External links

https://security.paloaltonetworks.com/CVE-2025-2183

#VU114078 Improper Certificate Validation in GlobalProtect app - CVE-2025-2183

Description

Remediation

External links

Please verify you're human