Palo Alto Networks Cloud NGFW vulnerabilities
4 known vulnerabilities affecting palo_alto_networks/cloud_ngfw.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 2
Vulnerabilities
CVE-2025-0133 | P3 | LOW | CVSS 2.7 | CWE-79 | PoC | ≥ All, < 11.2.8 | 2025-05-14
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credentia
nvd
CVE-2024-5913 | P4 | MEDIUM | CVSS 6.8 | CWE-20 | vNone | 2024-07-10
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
nvd
CVE-2024-5916 | P4 | MEDIUM | CVSS 4.4 | CWE-313 | vBefore 8/15 | vBefore 8/23 | 2024-08-14
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.
nvd
CVE-2025-0124 | P4 | LOW | CVSS 3.8 | CWE-73 | vAll | 2025-04-11
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.
The attacker must have network access to the manag
nvd