| | Versions | Affected | Unaffected | | |
|---|
| 6.1 | CVE-2025-4231
PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None None < 11.0.3 < 10.2.8 All None | All All All >= 11.0.3 >= 10.2.8 None All | 2025-06-11 | 2025-06-11 |
| 5.7 | CVE-2025-4230
PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.6 < 11.1.10 < 10.2.14 < 10.1.14-h15 None | All >= 11.2.6 >= 11.1.10 >= 10.2.14 >= 10.1.14-h15 All | 2025-06-11 | 2025-06-11 |
| 2.3 | CVE-2025-4229
PAN-OS: Traffic Information Disclosure Vulnerability | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.7 < 11.1.10 < 10.2.16-h1, < 10.2.17 < 10.1.14-h16 None | All >= 11.2.7 [ETA: June 2025] >= 11.1.10 >= 10.2.16-h1 [ETA: June 2025], >= 10.2.17 [ETA: Aug 2025] >= 10.1.14-h16 [ETA: July 2025] All | 2025-06-11 | 2025-06-11 |
| 4.6 | CVE-2025-0130
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.5 < 11.1.6-h1, < 11.1.7-h2, < 11.1.8 None None None | All >= 11.2.5 >= 11.1.6-h1, >= 11.1.7-h2, >= 11.1.8 All All All | 2025-05-14 | 2025-05-14 |
| 2 | CVE-2025-0133
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.7 < 11.1.11 < 10.2.17 All None | All >= 11.2.7 >= 11.1.11 [ETA September 2025] >= 10.2.17 [ETA October 2025] None All | 2025-05-14 | 2025-06-18 |
| 1.3 | CVE-2025-0136
PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None < 11.1.5 < 11.0.7 < 10.2.11 < 10.1.14-h14 None | All All >= 11.1.5 >= 11.0.7 >= 10.2.11 >= 10.1.14-h14 All | 2025-05-14 | 2025-05-14 |
| 1.1 | CVE-2025-0137
PAN-OS: Improper Neutralization of Input in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 | None < 11.2.5 < 11.1.8 < 10.2.13 < 10.1.14-h14 | All >= 11.2.5 >= 11.1.8 >= 10.2.13 >= 10.1.14-h14 | 2025-05-14 | 2025-05-14 |
| i | PAN-SA-2025-0010
Informational Bulletin: No Impact of the Marvin Attack on PAN-OS | | | | 2025-05-14 | 2025-05-14 |
| 1.9 | CVE-2025-0123
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.6 < 11.1.8 < 10.2.15 < 10.1.14-h13 None | All >= 11.2.6 >= 11.1.8 >= 10.2.15 >= 10.1.14-h13 All | 2025-04-09 | 2025-04-09 |
| 2 | CVE-2025-0124
PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | All < 11.2.1 < 11.1.5 < 11.0.6 < 10.2.10 < 10.1.14-h11 None | None (ETA end of April) >= 11.2.1 >= 11.1.5 >= 11.0.6 >= 10.2.10 >= 10.1.14-h11 All | 2025-04-09 | 2025-04-09 |
| 4.4 | CVE-2025-0125
PAN-OS: Improper Neutralization of Input in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.5 < 11.1.5 < 11.0.6 < 10.2.10-h19, < 10.2.11 < 10.1.14-h11 None | All >= 11.2.5 >= 11.1.5 >= 11.0.6 >= 10.2.10-h19, >= 10.2.11 >= 10.1.14-h11 All | 2025-04-09 | 2025-06-12 |
| 5.6 | CVE-2025-0126
PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.3 < 11.1.5 < 11.0.6 < 10.2.4-h25, < 10.2.9-h13, < 10.2.10-h6, < 10.2.11 < 10.1.14-h11 < 10.2.4-h36 on PAN-OS, < 10.2.10-h16 on PAN-OS, < 11.2.4-h5 on PAN-OS | All >= 11.2.3 >= 11.1.5 >= 11.0.6 >= 10.2.4-h25, >= 10.2.9-h13, >= 10.2.10-h6, >= 10.2.11 >= 10.1.14-h11 >= 10.2.4-h36 on PAN-OS, >= 10.2.10-h16 on PAN-OS, >= 11.2.4-h5 on PAN-OS | 2025-04-09 | 2025-04-09 |
| 4 | CVE-2025-0127
PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None on VM-Series None on VM-Series < 11.0.4 on VM-Series < 10.2.9 on VM-Series < 10.1.14-h13 on VM-Series None | All All on VM-Series All on VM-Series >= 11.0.4 on VM-Series >= 10.2.9 on VM-Series >= 10.1.14-h13 on VM-Series All | 2025-04-09 | 2025-04-09 |
| 6.6 | CVE-2025-0128
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None on PAN-OS < 11.2.3 < 11.1.5 < 11.0.6 < 10.2.10-h17 < 10.1.14-h11 < 10.2.4-h36 on PAN-OS, < 10.2.10-h16 on PAN-OS, < 11.2.4-h5 on PAN-OS | All on PAN-OS >= 11.2.3 >= 11.1.5 >= 11.0.6 >= 10.2.10-h17 >= 10.1.14-h11 >= 10.2.4-h36 on PAN-OS, >= 10.2.10-h16 on PAN-OS, >= 11.2.4-h5 on PAN-OS | 2025-04-09 | 2025-04-09 |
| 4.3 | CVE-2025-0116
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.5 < 11.1.4-h17, < 11.1.6-h6, < 11.1.8 < 10.2.10-h17, < 10.2.13-h5, < 10.2.14 < 10.1.14-h11 None | All >= 11.2.5 >= 11.1.4-h17, >= 11.1.6-h6, >= 11.1.8 >= 10.2.10-h17, >= 10.2.13-h5, >= 10.2.14 >= 10.1.14-h11 All | 2025-03-12 | 2025-04-04 |
| 4.3 | CVE-2025-0115
PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.3 < 11.1.4-h17, < 11.1.5 < 11.0.6 < 10.2.10-h18, < 10.2.11 < 10.1.14-h11 None | All >= 11.2.3 >= 11.1.4-h17, >= 11.1.5 >= 11.0.6 >= 10.2.10-h18, >= 10.2.11 >= 10.1.14-h11 All | 2025-03-12 | 2025-06-12 |
| 4.6 | CVE-2025-0114
PAN-OS: Denial of Service (DoS) in GlobalProtect | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None None < 11.0.2 < 10.2.5 < 10.1.14-h11 None | All All All >= 11.0.2 >= 10.2.5 >= 10.1.14-h11 All | 2025-03-12 | 2025-03-12 |
| i | PAN-SA-2025-0006
Informational Bulletin: Impact of OSS CVEs in PAN-OS | | | | 2025-02-12 | 2025-02-12 |
| i | PAN-SA-2025-0005
GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks | Cloud NGFW PAN-OS Prisma Access | | | 2025-02-12 | 2025-02-12 |
| 7.1 | CVE-2025-0111
PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.4-h4, < 11.2.5 < 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1 < 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3 < 10.1.14-h9 None | All >= 11.2.4-h4, >= 11.2.5 >= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1 >= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3 >= 10.1.14-h9 All | 2025-02-12 | 2025-03-06 |
| 5.5 | CVE-2025-0109
PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.4-h4, < 11.2.5 < 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1 < 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3 < 10.1.14-h9 None | All >= 11.2.4-h4, >= 11.2.5 >= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1 >= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3 >= 10.1.14-h9 All | 2025-02-12 | 2025-03-06 |
| 8.8 | CVE-2025-0108
PAN-OS: Authentication Bypass in the Management Web Interface | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.4-h4, < 11.2.5 < 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1 < 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3 < 10.1.14-h9 None | All >= 11.2.4-h4, >= 11.2.5 >= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1 >= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3 >= 10.1.14-h9 All | 2025-02-12 | 2025-03-06 |
| i | PAN-SA-2025-0003
Informational: PAN-OS BIOS and Bootloader Security Bulletin | Cloud NGFW PAN-OS Prisma Access | None All on PA-3200, PA-5200, PA-7000 None | All None on PA-3200, PA-5200, PA-7000. No other platforms are affected All | 2025-01-23 | 2025-03-26 |
| 7.8 | PAN-SA-2025-0001
Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials | Cloud NGFW Expedition 1 Panorama PAN-OS Prisma Access | None < 1.2.101 None None None | | 2025-01-08 | 2025-01-15 |
| 8.7 | CVE-2024-3393
PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet | Cloud NGFW PAN-OS PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 Prisma Access | None None on Panorama < 11.2.3 < 11.1.2-h16, < 11.1.3-h13, < 11.1.4-h7, < 11.1.5 >= 10.2.8, < 10.2.8-h19, < 10.2.9-h19, < 10.2.10-h12, < 10.2.11-h10, < 10.2.12-h4, < 10.2.13-h2, < 10.2.14 >= 10.1.14, < 10.1.14-h8, < 10.1.15 None None >= 10.2.8 on PAN-OS, < 10.2.9-h19 on PAN-OS, < 10.2.10-h12 on PAN-OS, < 11.2.3 on PAN-OS | All All on Panorama >= 11.2.3 >= 11.1.2-h16, >= 11.1.3-h13, >= 11.1.4-h7, >= 11.1.5 < 10.2.8, >= 10.2.8-h19, >= 10.2.9-h19, >= 10.2.10-h12, >= 10.2.11-h10, >= 10.2.12-h4, >= 10.2.13-h2, >= 10.2.14 < 10.1.14, >= 10.1.14-h8, >= 10.1.15 All All < 10.2.8 on PAN-OS, >= 10.2.9-h19 on PAN-OS, >= 10.2.10-h12 on PAN-OS, >= 11.2.3 on PAN-OS | 2024-12-27 | 2025-01-30 |