CVE-2025-0130
published 2025-05-14CVE-2025-0130: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of…
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.36%
27.7th percentile
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.6-h1 | 11.1.6-h1 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.5 | 11.2.5 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 11.1.0 < 11.1.6 | 11.1.6 |
| paloaltonetworks | pan-os | >= 11.2.0 < 11.2.5 | 11.2.5 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.08.2HIGHCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
vendor_paloalto·2024-10-09·CVSS 8.2
CVE-2025-0130 [HIGH] CWE-754 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: VERSION MINOR VERSION SUGGESTED SOLUTION
PAN-OS 11.2 11.2.0 through 11.2.4 Upgrade to 11.2.5 or later.
PAN-OS 11.1 11.1.0 through 11.1.7 Upgrade to 11.1.7-h2 or 11.1.8 or later.
11.1.0 through 11.1.6 Upgrade t
VulDB
Palo Alto Cloud NGFW/PAN-OS/Prisma Access Packet unusual condition
vuldb·2026-06-01·CVSS 8.2
CVE-2025-0130 [HIGH] Palo Alto Cloud NGFW/PAN-OS/Prisma Access Packet unusual condition
A vulnerability was found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access and classified as critical. Affected by this issue is some unknown functionality of the component Packet Handler. Executing a manipulation can lead to improper check for unusual conditions.
The identification of this vulnerability is CVE-2025-0130. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-6whp-h3pf-v3x5: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst
ghsa_unreviewed·2025-05-14
CVE-2025-0130 [HIGH] CWE-754 GHSA-6whp-h3pf-v3x5: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
No detection rules found.
No public exploits indexed.
2025-05-14
Published