CVE-2025-4614
Last modified
CVE-2025-4614 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Pan-Os | >= 10.2.0, < 10.2.17 |
| Paloaltonetworks | Pan-Os | >= 11.1.0, < 11.1.6 |
| Paloaltonetworks | Pan-Os | >= 11.2.0, < 11.2.8 |
| Paloaltonetworks | Pan-Os | 11.1.6 |
References
- https://security.paloaltonetworks.com/CVE-2025-4614Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-4614?
How severe is CVE-2025-4614?
How do I fix CVE-2025-4614?
Are you affected by CVE-2025-4614?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST