CVE-2025-0130
CVE-2025-0130 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | >= 11.1.0, < 11.1.6 | — |
| Palo Alto Networks | PAN-OS | >= 11.2.0, < 11.2.5 | H1 |
| Palo Alto Networks | PAN-OS | 11.1.7 | — |
References
- https://security.paloaltonetworks.com/CVE-2025-0130 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
