CVE-2025-0127
published 2025-04-11
CVE-2025-0127: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary…
Priority: P3 36 | high | 7.1 CVSS 4.0
AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
EPSS
0.56%
42.2th percentile
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.14-h13 | 10.1.14-h13 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.9 | 10.2.9 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.4 | 11.0.4 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
GHSA
GHSA-8r53-w527-fcqp: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run
ghsa_unreviewed·2025-04-11
CVE-2025-0127 [HIGH] CWE-78 GHSA-8r53-w527-fcqp: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run
Palo Alto
PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
vendor_paloalto·CVSS 7.1
CVE-2025-0127 [HIGH] CWE-78 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution:
| Version | Minor version | Suggested solution |
|---|---|---|
| PAN-OS 11.2 on VM-Series | | No action needed |
| PAN-OS 11.1 on VM-Series | | No action needed |
| PAN-OS 11.0 on VM-Series | 11.0.0 through 11.0.3 | Upgrade to 11.0.4 or later |
| PAN-OS 10.2 on VM-Series | 10.2.0 through 10.2.8 | Upgrade to 10.2.9 or later |
PAN-OS 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-11
Published