CVSS: 9.0EPSS: %CPEs: 3EXPL: 0CVE-2025-4230 – PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
https://notcve.org/view.php?id=CVE-2025-4230
12 Jun 2025 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-4230 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: %CPEs: 3EXPL: 0CVE-2025-4229 – PAN-OS: Traffic Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-4229
11 Jun 2025 — An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability. • https://security.paloaltonetworks.com/CVE-2025-4229 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0137 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0137
14 May 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0137 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0133 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
https://notcve.org/view.php?id=CVE-2025-0133
14 May 2025 — A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use ... • https://github.com/dodiorne/cve-2025-0133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0130 – PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
https://notcve.org/view.php?id=CVE-2025-0130
14 May 2025 — A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access. • https://security.paloaltonetworks.com/CVE-2025-0130 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0123 – PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
https://notcve.org/view.php?id=CVE-2025-0123
11 Apr 2025 — A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and in... • https://security.paloaltonetworks.com/CVE-2025-0123 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0128 – PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
https://notcve.org/view.php?id=CVE-2025-0128
11 Apr 2025 — A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue. • https://security.paloaltonetworks.com/CVE-2025-0128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0126 – PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
https://notcve.org/view.php?id=CVE-2025-0126
11 Apr 2025 — When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched. • https://security.paloaltonetworks.com/CVE-2025-0126 • CWE-384: Session Fixation •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0125 – PAN-OS: Improper Neutralization of Input in the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0125
11 Apr 2025 — An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended criti... • https://security.paloaltonetworks.com/CVE-2025-0125 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0124 – PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
https://notcve.org/view.php?id=CVE-2025-0124
11 Apr 2025 — An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted i... • https://security.paloaltonetworks.com/CVE-2025-0124 • CWE-73: External Control of File Name or Path •