CVE-2025-0124
- EPSS 0.31%
- Veröffentlicht 11.04.2025 02:15:18
- Zuletzt bearbeitet 02.10.2025 15:16:35
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and...
CVE-2025-0125
- EPSS 0.37%
- Veröffentlicht 11.04.2025 02:15:18
- Zuletzt bearbeitet 15.04.2026 00:35:42
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator....
CVE-2025-0126
- EPSS 0.35%
- Veröffentlicht 11.04.2025 02:15:18
- Zuletzt bearbeitet 15.04.2026 00:35:42
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click ...
CVE-2025-0116
- EPSS 0.22%
- Veröffentlicht 12.03.2025 18:34:38
- Zuletzt bearbeitet 15.04.2026 00:35:42
A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this c...
CVE-2025-0115
- EPSS 0.18%
- Veröffentlicht 12.03.2025 18:30:13
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully aut...
CVE-2025-0114
- EPSS 0.38%
- Veröffentlicht 12.03.2025 18:20:05
- Zuletzt bearbeitet 22.10.2025 19:23:43
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of t...
CVE-2025-0108
- EPSS 98.34%
- Veröffentlicht 12.02.2025 21:15:16
- Zuletzt bearbeitet 04.11.2025 16:49:25
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invo...
CVE-2025-0109
- EPSS 0.58%
- Veröffentlicht 12.02.2025 21:15:16
- Zuletzt bearbeitet 15.04.2026 00:35:42
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includ...
CVE-2025-0111
- EPSS 1.86%
- Veröffentlicht 12.02.2025 21:15:16
- Zuletzt bearbeitet 04.11.2025 16:49:34
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. Y...
CVE-2025-0103
- EPSS 0.6%
- Veröffentlicht 11.01.2025 03:15:22
- Zuletzt bearbeitet 23.01.2026 22:03:57
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables ...