
CVE-2025-0136 – PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices
https://notcve.org/view.php?id=CVE-2025-0136
14 May 2025 — Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use. • https://security.paloaltonetworks.com/CVE-2025-0136 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2025-0138 – Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2025-0138
14 May 2025 — Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue. • https://security.paloaltonetworks.com/CVE-2025-0138 • CWE-613: Insufficient Session Expiration •

CVE-2025-0137 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0137
14 May 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0137 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •

CVE-2025-0135 – GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
https://notcve.org/view.php?id=CVE-2025-0135
14 May 2025 — An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non-administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and the GlobalProtect UWP app are not affected. • https://security.paloaltonetworks.com/CVE-2025-0135 • CWE-266: Incorrect Privilege Assignment •

CVE-2025-0134 – Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM
https://notcve.org/view.php?id=CVE-2025-0134
14 May 2025 — A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM. • https://security.paloaltonetworks.com/CVE-2025-0134 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-0133 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
https://notcve.org/view.php?id=CVE-2025-0133
14 May 2025 — A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use ... • https://security.paloaltonetworks.com/CVE-2025-0133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-0132 – Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services
https://notcve.org/view.php?id=CVE-2025-0132
14 May 2025 — A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit this issue. • https://security.paloaltonetworks.com/CVE-2025-0132 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-0130 – PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
https://notcve.org/view.php?id=CVE-2025-0130
14 May 2025 — A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access. • https://security.paloaltonetworks.com/CVE-2025-0130 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-0129 – Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser
https://notcve.org/view.php?id=CVE-2025-0129
11 Apr 2025 — An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying its Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. • https://security.paloaltonetworks.com/PAN-SA-2025-0008 • CWE-306: Missing Authentication for Critical Function • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-0123 – PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
https://notcve.org/view.php?id=CVE-2025-0123
11 Apr 2025 — A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and in... • https://security.paloaltonetworks.com/CVE-2025-0123 • CWE-312: Cleartext Storage of Sensitive Information •