Detections
Analytics
Palo Alto GlobalProtect App Windows 6.x < 6.2.8-h3 / 6.3.x < 6.3.3-h2 Improper Certificate Validation (CVE-2025-2183)
high Nessus Plugin ID 252960
Synopsis
A VPN client installed on remote host is affected by an improper certificate validation vulnerability.Description
The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.x prior to 6.2.8-h3 or 6.3.x prior to 6.3.3-h2. It is, therefore, affected by an improper certificate validation vulnerability:- An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Palo Alto GlobalProtect App version 6.2.8-h3, or 6.3.3-h2 or laterSee Also
Plugin Details
Severity: High
ID: 252960
File Name: palo_alto_globalprotect_CVE-2025-2183.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 8/20/2025
Updated: 8/20/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:N
CVSS Score Source: CVE-2025-2183
CVSS v3
Risk Factor: High
Base Score: 7.3
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS v4
Risk Factor: High
Base Score: 7.4
Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/a:paloaltonetworks:globalprotect
Required KB Items: SMB/Registry/Enumerated, installed_sw/Palo Alto GlobalProtect Agent
Patch Publication Date: 8/13/2025
Vulnerability Publication Date: 8/13/2025
Reference Information
CVE: CVE-2025-2183