Filtered by vendor Palo Alto Networks
Filtered by product Pan-os

Total: 6 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4614 | 2 Palo Alto Networks, Paloaltonetworks | 2 Pan-os, Pan-os | 2025-10-22 | 2.7 Low | 
| An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||
| CVE-2025-4231 | 2 Palo Alto Networks, Paloaltonetworks | 2 Pan-os, Pan-os | 2025-10-22 | 7.2 High | 
| A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||
| CVE-2025-2182 | 1 Palo Alto Networks | 1 Pan-os | 2025-08-13 | N/A | 
| A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in an NGFW cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | ||||
| CVE-2024-5911 | 1 Palo Alto Networks | 1 Pan-os | 2025-07-13 | N/A | 
| An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online. | ||||
| CVE-2025-4230 | 1 Palo Alto Networks | 1 Pan-os | 2025-06-16 | N/A | 
| A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||
| CVE-2025-4229 | 1 Palo Alto Networks | 1 Pan-os | 2025-06-16 | N/A | 
| An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||
                            
                                
                                