Palo Alto Networks Cloud NGFW vulnerabilities
4 known vulnerabilities affecting palo_alto_networks/cloud_ngfw.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 3, LOW 1
Vulnerabilities
CVE-2025-0133 | LOW | CVSS 2.7 | CWE-79 | PoC | ≥ All, < 11.2.8 | 2025-05-14
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credentia
cvelistv5, nvd
CVE-2025-0124 | MEDIUM | CVSS 5.1 | CWE-73 | vAll | 2025-04-11
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.
The attacker must have network access to the ma
cvelistv5, nvd
CVE-2024-5916 | MEDIUM | CVSS 6.0 | CWE-313 | vBefore 8/15 | vBefore 8/23 | 2024-08-14
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.
cvelistv5, nvd
CVE-2024-5913 | MEDIUM | CVSS 6.8 | CWE-20 | vNone | 2024-07-10
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
cvelistv5, nvd