What is the CVSS score of CVE-2025-0140?

CVE-2025-0140 has a CVSS 4.0 base score of 6.8 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-0140?

CVE-2025-0140 presents notable security risk rated CVSS 6.8. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-0140?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Windows CVE-2025-0140

EUVD-2025-20880 MEDIUM

Incorrect Privilege Assignment (CWE-266)

2025-07-09 psirt@paloaltonetworks.com

Windows Information Disclosure Chrome Google Apple macOS Microsoft Android Paloalto

6.8

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

6.2.8,6.2.8-h2,6.3.3-h1

EUVD ID Assigned

Mar 16, 2026 - 06:20 euvd

EUVD-2025-20880

Analysis Generated

Mar 16, 2026 - 06:20 vuln.today

CVE Published

Jul 09, 2025 - 23:15 nvd

MEDIUM 6.8

DescriptionNVD

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so.

The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

AnalysisAI

CVE-2025-0140 is a security vulnerability (CVSS 6.8) that allows a locally authenticated non administrative user. Remediation should follow standard vulnerability management procedures.