{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2025-0138","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:52:40.921Z","generator":{"date":"2026-04-11T00:52:40.921Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2025-0138","initial_release_date":"2025-05-14T16:00:00.000Z","revision_history":[{"number":"1","date":"2025-05-14T09:00:00.000Z","summary":"Initial Publication"},{"number":"2","date":"2025-06-23T07:30:00.000Z","summary":"Corrected the fix version to 34.01.129"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Prisma Cloud Compute Edition","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Prisma Cloud Compute Edition<34.01.129","product":{"name":"Palo Alto Networks Prisma Cloud Compute Edition","product_id":"PANW-Prisma-Cloud-Compute-Edition-2"}},{"category":"product_version_range","name":"vers:generic/Prisma Cloud Compute Edition>=34.01.129","product":{"name":"Palo Alto Networks Prisma Cloud Compute Edition","product_id":"PANW-Prisma-Cloud-Compute-Edition-2"}}]},{"name":"Compute in Prisma Cloud Enterprise Edition","category":"product_name","branches":[{"category":"product_version","name":"Compute in Prisma Cloud Enterprise Edition All","product":{"name":"Palo Alto Networks Compute in Prisma Cloud Enterprise Edition","product_id":"PANW-Compute-in-Prisma-Cloud-Enterprise-Edition-1"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2025-0138","product_status":{"fixed":["PANW-Prisma-Cloud-Compute-Edition-2"],"known_affected":["PANW-Prisma-Cloud-Compute-Edition-2"],"known_not_affected":["PANW-Compute-in-Prisma-Cloud-Enterprise-Edition-1"]},"notes":[{"category":"description","text":"Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.\n\nCompute in Prisma Cloud Enterprise Edition is not affected by this issue."}],"references":[{"category":"external","summary":"NVD - CVE-2025-0138","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0138"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2025-0138","url":"https://security.paloaltonetworks.com/CVE-2025-0138"}],"threats":[{"category":"impact","description":"Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.\n\nCompute in Prisma Cloud Enterprise Edition is not affected by this issue."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"LOW","baseScore":2,"threatSeverity":"LOW","threatScore":0.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"},"products":["PANW-Prisma-Cloud-Compute-Edition-2"]}]}]}