| | Versions | Affected | Unaffected | | |
|---|
| 8.6 | PAN-SA-2025-0011
Chromium and Prisma Access Browser: Monthly Vulnerability Update (June 2025) | | | | 2025-06-11 | 2025-06-11 |
| 7.1 | CVE-2025-4232
GlobalProtect: Authenticated Code Injection Through Wildcard on macOS | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 | None on Windows, Linux, Android, iOS, Chrome OS < 6.3.3 on macOS < 6.2.8-h2 on macOS All on macOS All on macOS | All on Windows, Linux, Android, iOS, Chrome OS >= 6.3.3 on macOS >= 6.2.8-h2 on macOS [ETA June 2025] None on macOS None on macOS | 2025-06-11 | 2025-06-11 |
| 6.1 | CVE-2025-4231
PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None None < 11.0.3 < 10.2.8 All None | All All All >= 11.0.3 >= 10.2.8 None All | 2025-06-11 | 2025-06-11 |
| 5.7 | CVE-2025-4230
PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.6 < 11.1.10 < 10.2.14 < 10.1.14-h15 None | All >= 11.2.6 >= 11.1.10 >= 10.2.14 >= 10.1.14-h15 All | 2025-06-11 | 2025-06-11 |
| 2.3 | CVE-2025-4229
PAN-OS: Traffic Information Disclosure Vulnerability | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.7 < 11.1.10 < 10.2.17 < 10.1.14-h16 None | All >= 11.2.7 [ETA: June 2025] >= 11.1.10 >= 10.2.17 >= 10.1.14-h16 [ETA: July 2025] All | 2025-06-11 | 2025-06-11 |
| 1 | CVE-2025-4228
Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability | | | | 2025-06-11 | 2025-06-11 |
| 0.3 | CVE-2025-4227
GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 | None on Linux, Android, iOS, Chrome OS, UWP ¹ < 6.3.3-650 on Windows, macOS < 6.2.8-h2 (ETA: June, 2025) on Windows, macOS All on Windows, macOS All on Windows, macOS | All on Linux, Android, iOS, Chrome OS, UWP ¹ >= 6.3.3-650 on Windows, macOS >= 6.2.8-h2 (ETA: June, 2025) on Windows, macOS None on Windows, macOS None on Windows, macOS | 2025-06-11 | 2025-06-13 |
| 7.6 | PAN-SA-2025-0009
Chromium: Monthly Vulnerability Update (May 2025) | | | | 2025-05-14 | 2025-05-15 |
| 4.6 | CVE-2025-0130
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.5 < 11.1.6-h1, < 11.1.7-h2, < 11.1.8 None None None | All >= 11.2.5 >= 11.1.6-h1, >= 11.1.7-h2, >= 11.1.8 All All All | 2025-05-14 | 2025-05-14 |
| 4 | CVE-2025-0131
GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK | MetaDefender Endpoint Security SDK 4.3.0 | | | 2025-05-14 | 2025-05-14 |
| 2.7 | CVE-2025-0132
Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services | Cortex XDR Broker VM 26.0.0 | | | 2025-05-14 | 2025-05-14 |
| 2 | CVE-2025-0133
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.7 < 11.1.11 < 10.2.17 All None | All >= 11.2.7 [ETA June 2025] >= 11.1.11 [ETA July 2025] >= 10.2.17 [ETA August 2025] None All | 2025-05-14 | 2025-05-21 |
| 2.6 | CVE-2025-0134
Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM | Cortex XDR Broker VM 26.0.0 | | | 2025-05-14 | 2025-05-14 |
| 1.9 | CVE-2025-0135
GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on Android, None on Chrome OS, None on iOS, None on Windows, None on Linux < 6.3.3 on macOS < 6.2.8 on macOS All on macOS All on macOS None | All on Android, All on Chrome OS, All on iOS, All on Windows, All on Linux >= 6.3.3 on macOS >= 6.2.8 on macOS None on macOS None on macOS All | 2025-05-14 | 2025-06-06 |
| 1.3 | CVE-2025-0136
PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None < 11.1.5 < 11.0.7 < 10.2.11 < 10.1.14-h14 None | All All >= 11.1.5 >= 11.0.7 >= 10.2.11 >= 10.1.14-h14 All | 2025-05-14 | 2025-05-14 |
| 1.1 | CVE-2025-0137
PAN-OS: Improper Neutralization of Input in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 | None < 11.2.5 < 11.1.8 < 10.2.13 < 10.1.14-h14 | All >= 11.2.5 >= 11.1.8 >= 10.2.13 >= 10.1.14-h14 | 2025-05-14 | 2025-05-14 |
| 0.3 | CVE-2025-0138
Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface | Compute in Prisma Cloud Enterprise Edition Prisma Cloud Compute Edition | | | 2025-05-14 | 2025-05-14 |
| i | PAN-SA-2025-0010
Informational Bulletin: No Impact of the Marvin Attack on PAN-OS | | | | 2025-05-14 | 2025-05-14 |
| 4 | CVE-2025-0120
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App | None on macOS, None on Linux, None on iOS, None on Android, None on Chrome OS < 6.3.3 on Windows < 6.2.7-1077 on Windows, < 6.2.8 on Windows All on Windows < 6.0.12 on Windows None | All on macOS, All on Linux, All on iOS, All on Android, All on Chrome OS >= 6.3.3 on Windows >= 6.2.7-1077 on Windows, >= 6.2.8 on Windows None on Windows >= 6.0.12 on Windows (ETA: May 2025) All | 2025-04-09 | 2025-05-02 |
| 4.3 | CVE-2025-0121
Cortex XDR Agent: Local Windows User Can Crash the Agent | Cortex XDR Agent 8.7 Cortex XDR Agent 8.6 Cortex XDR Agent 8.5 Cortex XDR Agent 8.3-CE Cortex XDR Agent 7.9-CE | None on Windows < 8.6.1 on Windows < 8.5.2 on Windows < 8.3.101-CE HF on Windows < 7.9.103-CE HF on Windows | All on Windows >= 8.6.1 on Windows >= 8.5.2 on Windows >= 8.3.101-CE HF on Windows >= 7.9.103-CE HF on Windows | 2025-04-09 | 2025-04-09 |
| 4.9 | CVE-2025-0122
Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets | Prisma SD-WAN 6.5 Prisma SD-WAN 6.4 Prisma SD-WAN 6.3 Prisma SD-WAN 6.2 Prisma SD-WAN 6.1 Prisma SD-WAN 5.6 | < 6.5.1 < 6.4.2 < 6.3.4 All < 6.1.10 All | >= 6.5.1 >= 6.4.2 >= 6.3.4 None >= 6.1.10 None | 2025-04-09 | 2025-04-15 |
| 1.9 | CVE-2025-0123
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.6 < 11.1.8 < 10.2.15 < 10.1.14-h13 None | All >= 11.2.6 >= 11.1.8 >= 10.2.15 >= 10.1.14-h13 All | 2025-04-09 | 2025-04-09 |
| 2 | CVE-2025-0124
PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | All < 11.2.1 < 11.1.5 < 11.0.6 < 10.2.10 < 10.1.14-h11 None | None (ETA end of April) >= 11.2.1 >= 11.1.5 >= 11.0.6 >= 10.2.10 >= 10.1.14-h11 All | 2025-04-09 | 2025-04-09 |
| 4.4 | CVE-2025-0125
PAN-OS: Improper Neutralization of Input in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.5 < 11.1.5 < 11.0.6 < 10.2.10-h19, < 10.2.11 < 10.1.14-h11 None | All >= 11.2.5 >= 11.1.5 >= 11.0.6 >= 10.2.10-h19, >= 10.2.11 >= 10.1.14-h11 All | 2025-04-09 | 2025-06-12 |
| 5.6 | CVE-2025-0126
PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.3 < 11.1.5 < 11.0.6 < 10.2.4-h25, < 10.2.9-h13, < 10.2.10-h6, < 10.2.11 < 10.1.14-h11 < 10.2.4-h36 on PAN-OS, < 10.2.10-h16 on PAN-OS, < 11.2.4-h5 on PAN-OS | All >= 11.2.3 >= 11.1.5 >= 11.0.6 >= 10.2.4-h25, >= 10.2.9-h13, >= 10.2.10-h6, >= 10.2.11 >= 10.1.14-h11 >= 10.2.4-h36 on PAN-OS, >= 10.2.10-h16 on PAN-OS, >= 11.2.4-h5 on PAN-OS | 2025-04-09 | 2025-04-09 |