CVE-2025-0140 – Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability

July 10, 2025

CVE ID : CVE-2025-0140

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS and Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so.

The GlobalProtect app on Windows, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-0141 – Palo Alto Networks GlobalProtect™ App Privilege Escalation Vulnerability

Next Article CVE-2025-0139 – Palo Alto Networks Autonomous Digital Experience Manager Privilege Escalation Vulnerability

Highlights

CVE-2025-38154 – Linux Kernel BPF Sockmap Use After Free Vulnerability

July 3, 2025

CVE ID : CVE-2025-38154

Published : July 3, 2025, 9:15 a.m. | 2 hours, 14 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Avoid using sk_socket after free when sending

The sk->sk_socket is not locked or referenced in backlog thread, and
during the call to skb_send_sock(), there is a race condition with
the release of sk_socket. All types of sockets(tcp/udp/unix/vsock)
will be affected.

Race conditions:
”’
CPU0 CPU1

backlog::skb_send_sock
sendmsg_unlocked
sock_sendmsg
sock_sendmsg_nosec
close(fd):
…
ops->release() -> sock_map_close()
sk_socket->ops = NULL
free(socket)
sock->ops->sendmsg
^
panic here
”’

The ref of psock become 0 after sock_map_close() executed.
”’
void sock_map_close()
{
…
if (likely(psock)) {
…
// !! here we remove psock and the ref of psock become 0
sock_map_remove_links(sk, psock)
psock = sk_psock_get(sk);
if (unlikely(!psock))
goto no_psock; work);
? die_addr+0x40/0xa0
? exc_general_protection+0x14c/0x230
? asm_exc_general_protection+0x26/0x30
? sock_sendmsg+0x21d/0x440
? sock_sendmsg+0x3e0/0x440
? __pfx_sock_sendmsg+0x10/0x10
__skb_send_sock+0x543/0xb70
sk_psock_backlog+0x247/0xb80
…
”’

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

Unmasking The Magic: The Wizard Of Oz Method For UX Research

How I personalized my ChatGPT conversations – why it’s a game changer

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

Salesforce Health Cloud Demo: Provider Search & Network Management in Action

Salesforce Health Cloud Demo: Provider Search & Network Management in Action

Oracle Cloud EPM: Transitioning to Forms 2.0, Dashboards 2.0 by October 2025

This Week in Laravel: React.js, Filament vs Laravel, and Junior Test

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

CVE-2025-0140 – Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

CVE-2025-4314 – SourceCodester Advanced Web Store SQL Injection Vulnerability

Windows 11 Widgets Board Could Get More Useful with THIS Update

Is Drug Dealer Simulator on Xbox Game Pass?

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

CVE-2025-38154 – Linux Kernel BPF Sockmap Use After Free Vulnerability

Google launches Gemini 2.5 Flash, and this is what it can do

Vinyl Online Casino aus DE starten

Mozilla is so out of Pocket for shutting down one of my favorite apps

CVE-2025-0140 – Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability

Related Posts