CVE-2025-0137Improper Neutralization of Script in Attributes in a Web Page in Palo Alto Networks Pan-os

CWE-83Improper Neutralization of Script in Attributes in a Web Page5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.4%
top 41.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Palo Alto Networks Pan-osPaloalto Cloud NgfwPaloalto Pan-os+1 more
Timeline
PublishedMay 14

Description

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our rec

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/S:N

Affected Packages4 packages

CVEListV5palo_alto_networks/pan-os11.2.011.2.5+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
CVEList
PAN-OS: Improper Neutralization of Input in the Management Web Interface2025-05-14
GHSA
GHSA-8m4f-v87c-8xhm: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenti2025-05-14

📋Vendor Advisories

1
Palo Alto
PAN-OS: Improper Neutralization of Input in the Management Web Interface
CVE-2025-0137 — Palo Alto Networks Pan-os vulnerability | cvebase