Palo Alto Networks Security Advisories

Clear
version
severity
product
Clear
Found 8
VersionsAffectedUnaffected
2.3CVE-2025-4229 PAN-OS: Traffic Information Disclosure Vulnerability
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.7
< 11.1.10
< 10.2.16-h1, < 10.2.17
< 10.1.14-h16
None
All
>= 11.2.7
>= 11.1.10
>= 10.2.16-h1, >= 10.2.17 [ETA: Aug 2025]
>= 10.1.14-h16
All
2025-06-112025-06-30
5.7CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.6
< 11.1.6-h14, < 11.1.10
< 10.2.10-h27
< 10.1.14-h15
None
All
>= 11.2.6
>= 11.1.6-h14, >= 11.1.10
>= 10.2.10-h27
>= 10.1.14-h15
All
2025-06-112025-06-30
6.1CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.3
< 10.2.8
All
None
All
All
All
>= 11.0.3
>= 10.2.8
None
All
2025-06-112025-06-11
1.1CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.6-h14, < 11.1.8
< 10.2.13
< 10.1.14-h14
None
All
>= 11.2.5
>= 11.1.6-h14, >= 11.1.8
>= 10.2.13
>= 10.1.14-h14
All
2025-05-142025-07-11
1.3CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
< 11.1.5
< 11.0.7
< 10.2.11
< 10.1.14-h14
None
All
All
>= 11.1.5
>= 11.0.7
>= 10.2.11
>= 10.1.14-h14
All
2025-05-142025-05-14
2CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
All
< 11.2.4-h9, < 11.2.7
< 11.1.6-h14, < 11.1.10-h1
< 10.2.16-h1
All
All
None (See Mitigations and Workarounds)
>= 11.2.4-h9, >= 11.2.7
>= 11.1.6-h14, >= 11.1.10-h1
>= 10.2.16-h1
None
None (See Mitigations and Workarounds)
2025-05-142025-07-09
4CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None on VM-Series
None on VM-Series
< 11.0.4 on VM-Series
< 10.2.9 on VM-Series
< 10.1.14-h13 on VM-Series
None
All
All on VM-Series
All on VM-Series
>= 11.0.4 on VM-Series
>= 10.2.9 on VM-Series
>= 10.1.14-h13 on VM-Series
All
2025-04-092025-04-09
1.9CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.6
< 11.1.6-h10, < 11.1.8
< 10.2.10-h21, < 10.2.15
< 10.1.14-h13
None
All
>= 11.2.6
>= 11.1.6-h10, >= 11.1.8
>= 10.2.10-h21, >= 10.2.15
>= 10.1.14-h13
All
2025-04-092025-07-11
Download
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.