CVE-2025-4619Improper Check for Unusual or Exceptional Conditions in Palo Alto Networks Pan-os

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
6.6MEDIUMNVD
EPSS
0.1%
top 75.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Palo Alto Networks Pan-osPalo Alto Networks Prisma AccessPaloalto Cloud Ngfw+2 more
Timeline
PublishedNov 13

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. ​​We have successfully completed

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages5 packages

CVEListV5palo_alto_networks/prisma_access10.2.010.2.10-h14
CVEListV5palo_alto_networks/pan-os11.2.011.2.5+2
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-44v8-gw29-gw95: A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a sp2025-11-13
CVEList
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets2025-11-13

📋Vendor Advisories

1
Palo Alto
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets
CVE-2025-4619 — Palo Alto Networks Pan-os vulnerability | cvebase