
CVE-2025-4230 – PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
https://notcve.org/view.php?id=CVE-2025-4230
12 Jun 2025 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-4230 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-4231 – PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-4231
12 Jun 2025 — A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-4231 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-4229 – PAN-OS: Traffic Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-4229
11 Jun 2025 — An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-4229 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-0136 – PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices
https://notcve.org/view.php?id=CVE-2025-0136
14 May 2025 — Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use. • https://security.paloaltonetworks.com/CVE-2025-0136 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2025-0137 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0137
14 May 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0137 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •

CVE-2025-0133 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
https://notcve.org/view.php?id=CVE-2025-0133
14 May 2025 — A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use ... • https://github.com/dodiorne/cve-2025-0133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-0123 – PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
https://notcve.org/view.php?id=CVE-2025-0123
11 Apr 2025 — A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and in... • https://security.paloaltonetworks.com/CVE-2025-0123 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-0128 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2025-0128
11 Apr 2025 — A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue. • https://security.paloaltonetworks.com/CVE-2025-0128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-0127 – PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
https://notcve.org/view.php?id=CVE-2025-0127
11 Apr 2025 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-0127 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-0126 – PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
https://notcve.org/view.php?id=CVE-2025-0126
11 Apr 2025 — When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched. • https://security.paloaltonetworks.com/CVE-2025-0126 • CWE-384: Session Fixation •