What is the CVSS score of CVE-2025-0141?

CVE-2025-0141 has a CVSS 4.0 base score of 8.4 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-0141?

CVE-2025-0141 is a high-severity vulnerability in an unspecified product that allows authenticated local users to escalate privileges or compromise system integrity, potentially affecting any…. A patch is available.

How to fix or mitigate CVE-2025-0141?

Within 24 hours: identify all systems running the affected product and verify current versions. Within 7 days: apply vendor-released patch to all affected systems, prioritizing production environments and systems handling sensitive data. Within 30 days: complete patch deployment across all remaining systems and validate remediation through security testing.

Windows CVE-2025-0141

EUVD-2025-20879 HIGH

Untrusted Search Path (CWE-426)

2025-07-09 psirt@paloaltonetworks.com

Windows Privilege Escalation Chrome Google Apple macOS Microsoft Android Paloalto

8.4

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:28 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

6.2.8-h2,6.2.8,6.3.3-h1

EUVD ID Assigned

Mar 16, 2026 - 06:20 euvd

EUVD-2025-20879

Analysis Generated

Mar 16, 2026 - 06:20 vuln.today

CVE Published

Jul 09, 2025 - 23:15 nvd

HIGH 8.4

DescriptionNVD

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows.

The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

AnalysisAI

CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non administrative user. High severity vulnerability requiring prompt remediation.