CVE-2025-4231
CVE-2025-4231 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. EPSS estimates a 1.02% chance of exploitation in the next 30 days.
Description
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Pan-Os | >= 10.2.0, < 10.2.8 |
| Paloaltonetworks | Pan-Os | >= 11.0.0, < 11.0.3 |
References
- https://security.paloaltonetworks.com/CVE-2025-4231 (Vendor Advisory)
Source: NVD / NIST
