cbcvebase.
CVE-2025-0130
published 2025-05-14

CVE-2025-0130: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of…

PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.36%
27.7th percentile
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.

Affected

8 ranges
VendorProductVersion rangeFixed in
palo_alto_networkspan-os>= 11.1.0 < 11.1.6-h111.1.6-h1
palo_alto_networkspan-os>= 11.2.0 < 11.2.511.2.5
paloaltocloud_ngfw
paloaltopan-os
paloaltoprisma_access
paloaltonetworkspan-os
paloaltonetworkspan-os>= 11.1.0 < 11.1.611.1.6
paloaltonetworkspan-os>= 11.2.0 < 11.2.511.2.5

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.08.2HIGHCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.