CVE-2025-4231
published 2025-06-13CVE-2025-4231: A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker…
PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.02%
59.2th percentile
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.6HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vm6c-rqg9-5qqr: A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user
ghsa_unreviewed·2025-06-13
CVE-2025-4231 [HIGH] CWE-77 GHSA-vm6c-rqg9-5qqr: A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Palo Alto
PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
vendor_paloalto·CVSS 8.6
CVE-2025-4231 [HIGH] CWE-77 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: VERSION MINOR VERSION SUGGESTED SOLUTION
PAN-OS 11.2 No action needed.
PAN-OS 11.1 No action needed.
PAN-OS 11.0* 11.0.0 through 11.0.2 Upgrade to 11.0.3 or later.
PAN-OS 10.2 10.2.0 through 10.2.7 Upgrade to 10.2.8 or later.
PAN-OS 10.1 Upgrade to 10.2.8 or 11.0.3 or later.
All older Upgrade to a sup
No detection rules found.
No public exploits indexed.
2025-06-13
Published