CVE-2025-4615

Summary

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS12.1.0unaffected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.8affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.4-h27affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.17affected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-83: CWE-83 Improper Neutralization of Script in Attributes in a Web Page

Workarounds

No known workarounds exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References