CVE-2025-4614 (CVSS 4.8)
- EPSS 0.04%
- Published 09.10.2025 18:13:22
- Last modified 06.02.2026 17:13:34
- Source psirt@paloaltonetworks.com
PAN-OS: Session Token Disclosure Vulnerability
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Data provided by the National Vulnerability Database (NVD)
Affected products:
- Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.17
- Paloaltonetworks ≫ Pan-os Version >= 11.1.0 < 11.1.6
- Paloaltonetworks ≫ Pan-os Version >= 11.2.0 < 11.2.8
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update -
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h1
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h10
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h14
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h17
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h19
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h20
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h3
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h4
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h5
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h6
- Paloaltonetworks ≫ Pan-os Version 11.1.6 Update h7
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.11 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
| psirt@paloaltonetworks.com | 4.8 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber |
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.