Palo Alto GlobalProtect App MacOS 6.x < 6.2.8-h2 / 6.3.x < 6.3.3-650 Improper Access Control (CVE-2025-4227)

low Nessus Plugin ID 240281

Synopsis

A VPN client installed on the remote host is affected by an improper access control vulnerability.

Description

The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.x prior to 6.2.8-h2 or 6.3.x prior to 6.3.3-650. It is, therefore, affected by an improper access control vulnerability:

- An improper access control vulnerability in the Endpoint Traffic Policy Enforcement feature of the Palo Alto Networks GlobalProtect app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute. (CVE-2025-4227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
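Because the plugin decides purely from the self-reported version string, the same triage can be reproduced outside Nessus against an inventory export. The following is an added example, not the plugin's own NASL code or anything published by Palo Alto Networks: it encodes the two affected ranges from the title above and checks arbitrary version strings against them. Assumptions are labelled in the comments: the version format MAJOR.MINOR.PATCH with an optional "-hN" hotfix or "-BUILD" suffix, a missing suffix treated as 0 (so a bare "6.3.3" is conservatively flagged), the app bundle path and plist key used to read the installed version, and the sample version list, which is constructed for illustration.

```python
"""Version-range check mirroring the affected ranges in the plugin text.

Added example, not the Nessus plugin's code. Assumptions (labelled):
  * GlobalProtect version strings look like MAJOR.MINOR.PATCH[-hN | -BUILD],
    e.g. "6.2.8-h2" (hotfix 2) or "6.3.3-650" (build 650).
  * A version with no suffix is treated as hotfix/build 0, i.e. older than
    any suffixed release of the same MAJOR.MINOR.PATCH (conservative).
  * The macOS bundle path and plist key in read_installed_version() are
    assumptions about where the app records its version, not from the page.
"""
import plistlib
import re
from typing import Dict, Iterable, Optional, Tuple

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:h(\d+)|(\d+)))?$")

# First fixed release per train, taken from the plugin title.
# 6.0.x and 6.1.x have no separate fix and all sort below 6.2.8-h2.
FIXED_VERSIONS = {
    (6, 2): "6.2.8-h2",
    (6, 3): "6.3.3-650",
}


def parse_version(ver: str) -> Tuple[int, int, int, int]:
    """Return a comparable tuple (major, minor, patch, suffix).

    Hotfix "-hN" and build "-N" both land in the 4th element; the advisory
    only ever compares them within a single MAJOR.MINOR.PATCH, so the two
    suffix styles never need to be ordered against each other.
    """
    m = _VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised GlobalProtect version: {ver!r}")
    major, minor, patch, hotfix, build = m.groups()
    suffix = int(hotfix or build or 0)  # assumption: no suffix == 0
    return (int(major), int(minor), int(patch), suffix)


def is_affected(ver: str) -> bool:
    """True if `ver` is in '6.x < 6.2.8-h2' or '6.3.x < 6.3.3-650'."""
    v = parse_version(ver)
    if v[0] != 6:
        return False  # only the 6.x train is named by the plugin
    if v[1] > 3:
        return False  # 6.4+ is not covered by the ranges on the page
    if v[1] == 3:
        return v < parse_version(FIXED_VERSIONS[(6, 3)])
    return v < parse_version(FIXED_VERSIONS[(6, 2)])


def triage(versions: Iterable[str]) -> Dict[str, bool]:
    """Map each version string in an inventory to its affected status."""
    return {ver: is_affected(ver) for ver in versions}


def read_installed_version(
    plist_path: str = "/Applications/GlobalProtect.app/Contents/Info.plist",
) -> Optional[str]:
    """Read the app's self-reported version from its Info.plist.

    Both the bundle path and the CFBundleShortVersionString key are
    assumptions for this example; adjust them to the deployment.
    """
    try:
        with open(plist_path, "rb") as fh:
            return plistlib.load(fh).get("CFBundleShortVersionString")
    except FileNotFoundError:
        return None


# Constructed sample inventory (not real host data).
SAMPLE_VERSIONS = [
    "6.1.4", "6.2.8", "6.2.8-h2", "6.2.9",
    "6.3.2", "6.3.3-512", "6.3.3-650", "6.3.4", "5.2.13",
]

if __name__ == "__main__":
    for ver, hit in triage(SAMPLE_VERSIONS).items():
        print(f"{ver:>10}  {'AFFECTED' if hit else 'ok'}")
    local = read_installed_version()
    if local is not None:
        print(f"installed: {local}  {'AFFECTED' if is_affected(local) else 'ok'}")
```

Like the plugin, this is a version-string check only: it cannot tell whether Endpoint Traffic Policy Enforcement is enabled on a given host, so a flagged version on a host that never uses that feature is still reported as affected.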

Solution

Upgrade to Palo Alto GlobalProtect App version 6.2.8-h2, 6.3.3-650 or later.

See Also

https://security.paloaltonetworks.com/CVE-2025-4227

Plugin Details

Severity: Low

ID: 240281

File Name: palo_alto_globalprotect_agent_macos_CVE-2025-4227.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 6/23/2025

Updated: 6/23/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2025-4227

CVSS v3

Risk Factor: Low

Base Score: 3.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:paloaltonetworks:globalprotect

Required KB Items: Host/MacOSX/Version, installed_sw/Palo Alto GlobalProtect Agent

Patch Publication Date: 6/11/2025

Vulnerability Publication Date: 6/11/2025

Reference Information

CVE: CVE-2025-4227

IAVA: 2025-A-0430