| 1.1 | CVE-2025-4614
PAN-OS: Session Token Disclosure Vulnerability | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None None < 11.2.8 < 11.1.10-h7 < 10.2.17 None | All All >= 11.2.8 >= 11.1.10-h7 >= 10.2.17 All | 2025-10-08 | 2025-10-08 |
| 4.5 | CVE-2025-4615
PAN-OS: Improper Neutralization of Input in the Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None None < 11.2.8 < 11.1.10-h7 < 10.2.17 None | All All >= 11.2.8 >= 11.1.10-h7 >= 10.2.17 All | 2025-10-08 | 2025-10-08 |
| 3.3 | CVE-2025-2182
PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK) | Cloud NGFW PAN-OS PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None None on devices other than PA-7500 < 11.2.8 on PA-7500 < 11.1.10 on PA-7500 None on PA-7500 None on PA-7500 None | All All on devices other than PA-7500 >= 11.2.8 on PA-7500 >= 11.1.10 on PA-7500 All on PA-7500 All on PA-7500 All | 2025-08-13 | 2025-08-13 |
| 2.3 | CVE-2025-4229
PAN-OS: Traffic Information Disclosure Vulnerability | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | None < 11.2.7 < 11.1.10 < 10.2.16-h1, < 10.2.17 < 10.1.14-h16 None | All >= 11.2.7 >= 11.1.10 >= 10.2.16-h1, >= 10.2.17 [ETA: Aug 2025] >= 10.1.14-h16 All | 2025-06-11 | 2025-06-30 |
| 2 | CVE-2025-0133
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal | Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access | All < 11.2.4-h9, < 11.2.7 < 11.1.6-h14, < 11.1.10-h1 < 10.2.16-h1 All All | None (See Mitigations and Workarounds) >= 11.2.4-h9, >= 11.2.7 >= 11.1.6-h14, >= 11.1.10-h1 >= 10.2.16-h1 None None (See Mitigations and Workarounds) | 2025-05-14 | 2025-07-09 |