Palo Alto Cloud NGFW vulnerabilities

85 known vulnerabilities affecting paloalto/cloud_ngfw.

Total CVEs: 85
CISA KEV: 8 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: CRITICAL 7, HIGH 29, MEDIUM 44, LOW 5

Vulnerabilities

Page 5 of 5
CVE-2025-4615 [MEDIUM] CVSS 5.5, CWE-83
PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a
paloalto
CVE-2026-0229 [MEDIUM] CVSS 6.6, CWE-754
PAN-OS: Denial of Service in Advanced DNS Security Feature
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Panorama, Cloud NGFW, and Prisma Access®
paloalto
CVE-2026-0228 [LOW] CVSS 1.3, CWE-295
PAN-OS: Improper Validation of Terminal Server Agent Certificate
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: VERSION MINOR VERSION SUGGESTED SOLUTION Cloud N
paloalto
CVE-2024-5917 [LOW] CVSS 2.1, CWE-918
PAN-OS: Server-Side Request Forgery in WildFire
A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
Affected products: Cloud NGFW, PAN-OS
Solution: This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions.
Workaround: Rec
paloalto
CVE-2025-0133 [LOW] CVSS 2.7, PoC, CWE-79
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially cr
paloalto