Palo Alto Networks: Vulnerabilities in PAN-OS jeopardize firewalls
Vulnerabilities in the PAN-OS firewall operating system threaten networks. Security updates are available for download.
Attackers can exploit several vulnerabilities in PAN-OS from Palo Alto Networks and attack firewalls. The developers have also closed a gap in the GlobalProtect app.
More dangerous than stated
Admins can find further information on vulnerable and patched versions in the security advisories linked at the end of this article. Unusually, the IT security company generally states only the CVSS 4.0 BT score (Base + Threat, formerly Temporal Score) in these advisories. Palo Alto therefore classifies the majority of the vulnerabilities as "medium" threat level.
However, a look at the CVSS Base Score normally used for classification shows that the threat level for four vulnerabilities (PAN-OS: CVE-2025-0128, CVE-2025-0126, CVE-2025-0127, GlobalProtect App: CVE-2025-0120) is "high".
Effects of attacks
Due to errors in the Simple Certificate Enrollment Protocol (SCEP) authentication feature, attackers can trigger a DoS state without logging in by sending prepared packets. Firewalls then restart in maintenance mode. As a result, the device can no longer protect networks.
A SAML vulnerability can give attackers more rights. To do this, however, a victim must play along and click on a prepared link. PAN-OS VM-Series is susceptible to root malware attacks. However, an attacker must already be an admin.
The GlobalProtect app has a flaw in its rights management that allows attackers to gain system rights. However, a local attacker must already be authenticated and "win" a race condition. Attacks are therefore not straightforward.
So far, there are no reports of attacks exploiting the vulnerabilities. Admins should install the security updates listed in the security advisories as soon as possible.
The list of security notifications, sorted by threat level of the vulnerabilities in descending order:
- CVE-2025-0128 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
- CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
- CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface
- CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
- CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
- CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
- CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
(des)