Palo Alto Networks Security Advisories / PAN-SA-2025-0012

PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS


Informational

JSON CSAF
Published 2025-07-09
Updated 2025-07-09
Discovered externally

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.

CVESummary
CVE-2018-25032This CVE is fixed in PAN-OS 10.1.7, 10.2.2 and all later versions of PAN-OS
CVE-2019-5827This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2019-13750This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2019-13751This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2019-19603This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2020-9283This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS.
CVE-2020-13434This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2020-13435This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2020-14040This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS.
CVE-2020-15358This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS.
CVE-2020-29652This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS.
CVE-2021-20305This CVE is fixed in PAN-OS 10.2.11, 11.1.3, and all later versions of PAN-OS.
CVE-2021-27918This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS
CVE-2022-1962This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS
CVE-2022-28131This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS
CVE-2022-30633This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS
CVE-2023-3978This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS
CVE-2023-27536This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS.
CVE-2023-28321This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS.
CVE-2023-28322This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS.
CVE-2023-38546This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS.
CVE-2023-43804This CVE is fixed in PAN-OS 10.2.14, 11.1.5, 11.2.5, and all later versions of PAN-OS.
CVE-2023-46218This CVE is fixed in PAN-OS 11.1.8, 11.2.5, and all later versions of PAN-OS.
CVE-2024-1086This CVE is fixed in PAN-OS 10.2.11, 11.1.5, 11.2.3, and all later versions of PAN-OS.
CVE-2024-34155This CVE is fixed in PAN-OS 11.2.5, and all later versions of PAN-OS
CVE-2021-3712This CVE is fixed in PAN-OS 10.1.4, 10.2.4 and all later versions of PAN-OS
CVE-2019-9517This CVE is fixed in PAN-OS 10.2.17[ETA October 2025], 11.1.11[ETA September 2025], 11.2.8[ETA July 24 2025] and all later versions of PAN-OS

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

The OSS CVEs are fixed in the respective PAN-OS versions.

CPE Applicability

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.