What is the CVSS score of CVE-2025-0139?

CVE-2025-0139 has a CVSS 4.0 base score of 6.3 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber. EPSS exploitation probability: 0.0%.

Which versions of macOS are affected by CVE-2025-0139?

CVE-2025-0139 presents moderate security risk rated CVSS 6.3. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-0139?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

macOS CVE-2025-0139

EUVD-2025-20881 MEDIUM

Incorrect Privilege Assignment (CWE-266)

2025-07-09 psirt@paloaltonetworks.com

Privilege Escalation Apple macOS Paloalto

6.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

5.6.7

EUVD ID Assigned

Mar 16, 2026 - 06:20 euvd

EUVD-2025-20881

Analysis Generated

Mar 16, 2026 - 06:20 vuln.today

CVE Published

Jul 09, 2025 - 23:15 nvd

MEDIUM 6.3

DescriptionNVD

An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.

AnalysisAI

CVE-2025-0139 is a security vulnerability (CVSS 6.3) that allows a locally authenticated low privileged user. Remediation should follow standard vulnerability management procedures.