CVE-2025-4229 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in Palo Alto Networks Pan-os

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere4 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.4%

top 40.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloalto Cloud Ngfw Paloalto Pan-os +1 more

Timeline

PublishedJun 13

Description

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

▶Palo Altopaloalto/cloud_ngfw

▶CVEListV5palo_alto_networks/pan-os11.2.0 — 11.2.7+3

▶Palo Altopaloalto/prisma_access

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

CVEList

PAN-OS: Traffic Information Disclosure Vulnerability↗2025-06-13

▶

GHSA

GHSA-6358-8vph-jx32: An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted↗2025-06-13

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Traffic Information Disclosure Vulnerability↗

▶