CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface
Description
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.
Compute in Prisma Cloud Enterprise Edition is not affected by this issue.Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Compute in Prisma Cloud Enterprise Edition | None | All |
| Prisma Cloud Compute Edition | < 34.00.141 | >= 34.00.141 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity: LOW, Suggested Urgency: MODERATE
CVSS-BT: 0.3 / CVSS-B: 2.0 (CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-613 Insufficient Session Expiration
CAPEC-114 Authentication Abuse
Solution
This issue is fixed in Prisma Cloud Compute Edition 34.00.141, and all later Prisma Cloud Compute Edition versions.
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
CPEs
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:34.00.137:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.03.138:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.02.134:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.01.137:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.07.123:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.06.113:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.05.124:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.04.113:*:*:*:*:*:*:*