CVE-2025-0123Cleartext Storage of Sensitive Info in Palo Alto Networks Pan-os

CWE-312Cleartext Storage of Sensitive Info4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 60.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Palo Alto Networks Pan-osPaloalto Cloud NgfwPaloalto Pan-os+1 more
Timeline
PublishedApr 11

Description

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages4 packages

CVEListV5palo_alto_networks/pan-os11.2.011.2.6+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
CVEList
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures2025-04-11
GHSA
GHSA-379r-vg26-3rr8: A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture2025-04-11

📋Vendor Advisories

1
Palo Alto
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
CVE-2025-0123 — Cleartext Storage of Sensitive Info | cvebase