Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-0133: Cross-site Scripting in Palo Alto Networks Cloud NGFW

Severity: 2.7 LOW (NVD)
EPSS: 1.8% (top 17.01%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 14; latest update Jan 12

Description

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attacker

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/S:N

Affected Packages (6 packages)

Source | Package | Affected | Fixed
CVEListV5 | palo_alto_networks/pan-os | 11.2.0 | 11.2.7 (+3 more entries)
CVEListV5 | palo_alto_networks/cloud_ngfw | All | 11.2.8
Palo Alto | paloalto/pan-os | | 

🔴Vulnerability Details (2)

GHSA: GHSA-r93p-9jjr-wjhj: A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables (2025-05-14)
CVEList: PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal (2025-05-14)

💥Exploits & PoCs (1)

Nuclei: PAN-OS - Reflected Cross-Site Scripting

🔍Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Reflected Cross-Site Scripting (CVE-2025-0133) (2025-09-26)

📋Vendor Advisories (1)

Palo Alto: PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

💬Community (1)

HackerOne: Reflected XSS Vulnerability in SSL VPN Endpoint — CVE-2025-0133 (2026-01-12)
CVE-2025-0133 — Cross-site Scripting in Palo | cvebase