CVE-2025-4229

Summary

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.7affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.10affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.17affected
Palo Alto NetworksPAN-OS10.1.0 < 10.1.14-h16affected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Workarounds

If you are not using the SD-WAN feature of PAN-OS, you can mitigate this issue by disabling the SD-WAN feature. To disable SD-WAN feature, see our documentation about  uninstalling SD-WAN plugin https://docs.paloaltonetworks.com/sd-wan/activation-and-onboarding/uninstall-the-sd-wan-plugin .

If you are using the SD-WAN feature but do not need Direct Internet Access, you can mitigate the issue by disabling Direct Internet Access on the SD-WAN Interface Profile by backhauling your internet traffic to SD-WAN hub https://docs.paloaltonetworks.com/sd-wan/administration/configure-direct-internet-access/backhaul-your-internet-traffic-to-sd-wan-hub .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References