CVE-2025-0118

Exposed Unsafe ActiveX Method

Published: Mar 12, 2025 | Modified: Jun 27, 2025
CVSS 3.x: 8 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device.

This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.

Weakness

An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser’s security model (e.g. the zone or domain).

Affected Software

Name           Vendor             Start Version       End Version
Globalprotect  Paloaltonetworks   6.0.0 (including)   6.0.11 (excluding)
Globalprotect  Paloaltonetworks   6.1.0 (including)   6.1.6 (excluding)
Globalprotect  Paloaltonetworks   6.2.0 (including)   6.2.5 (excluding)
Globalprotect  Paloaltonetworks   6.3.0 (including)   6.3.3 (excluding)

Potential Mitigations

References