CVE-2025-4229
Published 2025-06-13
Priority: P4 (30) | Severity: medium, 6 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:X/U:Amber
EPSS: 0.41% (32.8th percentile)
An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.14-h16 | 10.1.14-h16 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.17 | 10.2.17 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.10 | 11.1.10 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.7 | 11.2.7 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
Palo Alto
PAN-OS: Traffic Information Disclosure Vulnerability
vendor_paloalto·CVSS 6.0
CVE-2025-4229 [MEDIUM] CWE-497 PAN-OS: Traffic Information Disclosure Vulnerability
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution:
| Version | Minor version | Suggested solution |
|---|---|---|
| Cloud NGFW | All | No action needed. |
| PAN-OS 11.2 | 11.2.0 through 11.2.6 | Upgrade to 11.2.7 or later. |
| PAN-OS 11.1 | 11.1.0 through 11.1.9 | Upgrade to 11.1.10 or later. |
| PAN-OS 10.2 | 10.2.0 through 10.2.16 | Upgrade to 10.2.16-h1 or 10.2.17 or later. |
| PAN-OS 10.1 | 10.1.0 through 10.1.14 | Upgrade to |
GHSA
GHSA-6358-8vph-jx32: An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted
ghsa_unreviewed·2025-06-13
CVE-2025-4229 [MEDIUM] CWE-497 GHSA-6358-8vph-jx32: An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-13
Published