Vulners
Lucene search
Palo Alto GlobalProtect App Windows 6.0.x < 6.0.11 / 6.1.x < 6.1.6 / 6.2.x < 6.2.5 / 6.3.x < 6.3.3 Execution of Unsafe ActiveX Control (CVE-2025-0118)
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | The software’s vulnerability related to secure remote access to data through the Palo Alto Networks GlobalProtect App. This vulnerability stems from an open and insecure ActiveX method, allowing attackers to execute arbitrary commands. | 9 Apr 202500:00 | – | bdu_fstec |
 | CVE-2025-0118 | 12 Mar 202518:40 | – | circl |
 | Palo Alto Networks GlobalProtect 安全漏洞 | 12 Mar 202500:00 | – | cnnvd |
 | CVE-2025-0118 | 12 Mar 202518:36 | – | cve |
 | CVE-2025-0118 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability | 12 Mar 202518:36 | – | cvelist |
 | EUVD-2025-7352 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-0118 | 12 Mar 202519:15 | – | nvd |
 | CVE-2025-0118 | 12 Mar 202519:15 | – | osv |
 | GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability | 12 Mar 202516:00 | – | paloalto |
 | CVE-2025-0118 | 14 Mar 202522:39 | – | redhatcve |
10
| Source | Link |
|---|---|
| security | www.security.paloaltonetworks.com/CVE-2025-0118 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(232701);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/06/12");
script_cve_id("CVE-2025-0118");
script_xref(name:"IAVA", value:"2025-A-0166-S");
script_name(english:"Palo Alto GlobalProtect App Windows 6.0.x < 6.0.11 / 6.1.x < 6.1.6 / 6.2.x < 6.2.5 / 6.3.x < 6.3.3 Execution of Unsafe ActiveX Control (CVE-2025-0118)");
script_set_attribute(attribute:"synopsis", value:
"A VPN client installed on remote Windows host is affected by a remote command execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.0.x prior to 6.0.11, 6.1.x prior
to 6.1.6, 6.2.x prior to 6.2.5, or 6.3.x prior to 6.3.3. It is, therefore, affected by a remote command execution
vulnerability:
- A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX
controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they
are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate
to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to
the GlobalProtect app on other (non-Windows) platforms. (CVE-2025-0118)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2025-0118");
script_set_attribute(attribute:"solution", value:
"Upgrade to Palo Alto GlobalProtect App version 6.0.11, 6.1.6, 6.2.5, 6.3.3 or later");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-0118");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/12");
script_set_attribute(attribute:"patch_publication_date", value:"2025/03/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:paloaltonetworks:globalprotect");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("palo_alto_globalprotect_agent_win_installed.nbin");
script_require_keys("installed_sw/Palo Alto GlobalProtect Agent", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Palo Alto GlobalProtect Agent', win_local:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
{'min_version' : '6.0', 'fixed_version' : '6.0.11'},
{'min_version' : '6.1', 'fixed_version' : '6.1.6'},
{'min_version' : '6.2', 'fixed_version' : '6.2.5'},
{'min_version' : '6.3', 'fixed_version' : '6.3.3'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Jun 2025 00:00Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.18
CVSS 46
EPSS0.00411
SSVC