CVE-2025-4227 – Palo Alto Networks GlobalProtect Unencrypted Packet Injection Vulnerability

June 13, 2025

CVE ID : CVE-2025-4227

Published : June 13, 2025, 6:15 a.m. | 3 hours, 49 minutes ago

Description : An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.

An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4229 – Palo Alto Networks PAN-OS SD-WAN Information Disclosure Vulnerability

Next Article Rilasciato GNU Nano 8.5: L’editor di testo a riga di comando con ancore salvate e colorazione della sintassi migliorata

Highlights

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

May 31, 2025

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

Vulnerability / Threat Intelligence
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attack …
Read more

Published Date:
May 30, 2025 (1 day, 2 hours ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32756

CVE-2025-31324

CVE-2024-56145

CVE-2024-51567

CVE-2024-51378

CVE-2024-9047

CVE-2024-27199

CVE-2024-27198

CVE-2021-22205

CVE-2017-9805

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-4227 – Palo Alto Networks GlobalProtect Unencrypted Packet Injection Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The five coolest gadgets announced at Computex 2025 (and they’re actually affordable)

India’s Crypto Adoption Journey: From Skepticism to Leadership

Announcing the MongoDB MCP Server

CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

CVE-2024-13418 – WordPress Theme/Plugin Arbitrary File Upload Vulnerability

The best iOS 26 features that will make updating your iPhone worthwhile

Professor Rita McGrath on Leading in Times of Uncertainty

CVE-2025-4227 – Palo Alto Networks GlobalProtect Unencrypted Packet Injection Vulnerability

Related Posts