CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0123 – PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
https://notcve.org/view.php?id=CVE-2025-0123
11 Apr 2025 — A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and in... • https://security.paloaltonetworks.com/CVE-2025-0123 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0127 – PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
https://notcve.org/view.php?id=CVE-2025-0127
11 Apr 2025 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-0127 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0125 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0125
11 Apr 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0125 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0124 – PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0124
11 Apr 2025 — An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted i... • https://security.paloaltonetworks.com/CVE-2025-0124 • CWE-73: External Control of File Name or Path •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0116 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame
https://notcve.org/view.php?id=CVE-2025-0116
12 Mar 2025 — A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software. • https://security.paloaltonetworks.com/CVE-2025-0116 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0115 – PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
https://notcve.org/view.php?id=CVE-2025-0115
12 Mar 2025 — A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. This issue does not affect Cloud NGFW or Prisma Access. A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this is... • https://security.paloaltonetworks.com/CVE-2025-0115 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0114 – PAN-OS: Denial of Service (DoS) in GlobalProtect
https://notcve.org/view.php?id=CVE-2025-0114
12 Mar 2025 — A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software. • https://security.paloaltonetworks.com/CVE-2025-0114 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2550 – PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2024-2550
14 Nov 2024 — A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Una vulnerabilidad de desreferencia de puntero nulo en la puerta de enlace GlobalProtect del software PAN-OS de Palo Alto Networks permit... • https://security.paloaltonetworks.com/CVE-2024-2550 • CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5920 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator
https://notcve.org/view.php?id=CVE-2024-5920
14 Nov 2024 — A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser. Una vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite que un ad... • https://security.paloaltonetworks.com/CVE-2024-5920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5917 – PAN-OS: Server-Side Request Forgery in WildFire
https://notcve.org/view.php?id=CVE-2024-5917
14 Nov 2024 — A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. Server-side request forgeryen el software PAN-OS permite a un atacante no autenticado utilizar la interfaz web administrativa como proxy, lo que le permite ver recursos de red internos que de otra manera no serían accesibles. A server-side request forgery in PAN-OS software enables an a... • https://security.paloaltonetworks.com/CVE-2024-5917 • CWE-918: Server-Side Request Forgery (SSRF) •