CVE-2025-0123

EPSS 0.01%
Published 11.04.2025 17:43:05
Last modified 15.04.2025 18:39:43
Source psirt@paloaltonetworks.com
Teams watchlist Login
Open Login

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.

In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring .

The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.

Prisma® Access is not impacted by this vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorPalo Alto Networks

≫

Product Cloud NGFW

Default Statusunaffected

Version All

Status unaffected

VendorPalo Alto Networks

≫

Product PAN-OS

Default Statusunaffected

Version < 11.2.6

Version 11.2.0

Status affected

Version < 11.1.8

Version 11.1.0

Status affected

Version < 10.2.15

Version 10.2.0

Status affected

Version < 10.1.14-h13

Version 10.1.0

Status affected

VendorPalo Alto Networks

≫

Product Prisma Access

Default Statusunaffected

Version All

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@paloaltonetworks.com	5.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://security.paloaltonetworks.com/CVE-2025-0123

https://nvd.nist.gov/vuln/detail/CVE-2025-0123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0123

EUVD