CVE-2025-0130 — Improper Check for Unusual or Exceptional Conditions in Palo Alto Networks PAN-OS
Severity
8.2 HIGH (NVD)
EPSS
0.3%
top 46.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 14
Description
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages: 5 packages
Vulnerability Details (2)
CVEList
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets (2025-05-14)
GHSA
GHSA-6whp-h3pf-v3x5: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst (2025-05-14)
Vendor Advisories (1)
Palo Alto
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets (2024-10-09)