CVE-2025-4227 – Palo Alto Networks GlobalProtect Unencrypted Packet Injection Vulnerability

June 13, 2025

CVE ID : CVE-2025-4227

Published : June 13, 2025, 6:15 a.m. | 3 hours, 49 minutes ago

Description : An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.

An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4229 – Palo Alto Networks PAN-OS SD-WAN Information Disclosure Vulnerability

Next Article Rilasciato GNU Nano 8.5: L’editor di testo a riga di comando con ancore salvate e colorazione della sintassi migliorata

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-4227 – Palo Alto Networks GlobalProtect Unencrypted Packet Injection Vulnerability

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Minecraft friendly ghasts and Vibrant Visuals are rolling out to players

Il progetto Guix si sposta sull’hosting Git di Codeberg

The AI Hype Train Has No Brakes

Design is 2D CAD software for GNOME

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

ZealousWeb LLC

Sam Altman predicts agentic AI “clicking around the Internet” — If you trust it not to empty your bank account or delete data

How time-tracking apps can help you get more done – and my 4 favorite

CVE-2025-4227 – Palo Alto Networks GlobalProtect Unencrypted Packet Injection Vulnerability

Related Posts