In May of 2025, CVE-2025-0133 was reported by an organization called XBOW. This is a vulnerability in the GlobalProtect VPN client gateway by Palo Alto Networks, a product that allows third-party contractors to connect to your application and networks.

It is clientless and relatively simple to exploit. Instead of needing to run a complex binary attack on an endpoint, an attacker can exploit this vulnerability simply by tricking an end user into clicking a link that has been tampered with.

Over the past week, Bugcrowd has seen a lot of reports of this vulnerability. It exists in many places and has a large blast radius. In this security flash, we sit down with Casey Ellis, founder of Bugcrowd, and Von Tran, Sr. Manager of Security Operations at Bugcrowd. They discuss the situation in depth, how it impacts both defenders and hackers, and the broader implications of AI and automation.

Check out the video below for Casey and Von’s breakdown and analysis of the situation!