{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2025-4619","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-03-11T22:30:34.805Z","generator":{"date":"2026-03-11T22:30:34.805Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2025-4619","initial_release_date":"2025-11-12T17:00:00.000Z","revision_history":[{"number":"1","date":"2025-11-12T09:00:00.000Z","summary":"Initial publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Cloud NGFW","category":"product_name","branches":[{"category":"product_version","name":"Cloud NGFW All","product":{"name":"Palo Alto Networks Cloud NGFW","product_id":"PANW-Cloud-NGFW-1"}}]},{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS>=12.1.0","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-724"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<11.2.5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-656"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-656"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.4-h4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-645"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.3-h6","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-753"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.2-h2","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-609"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<11.1.7","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-755"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.7","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-755"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.6-h1","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-644"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.4-h13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-655"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.4-h4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-757"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.3-h2","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-759"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.2-h18","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-654"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.2-h9","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-761"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.2.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-535"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-535"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.13-h3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-643"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.12-h6","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-649"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.11-h12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-653"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.10-h14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-652"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.10-h2","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-763"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.9-h21","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-648"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.9-h6","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-765"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.8-h21","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-647"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.8-h10","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-767"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.7-h24","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-646"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.7-h11","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-769"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.4-h25","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-667"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.1.0","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-118"}}]},{"name":"Prisma Access","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Prisma Access<10.2.10-h14","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-33"}},{"category":"product_version_range","name":"vers:generic/Prisma Access>=11.2.4-h4","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-35"}},{"category":"product_version_range","name":"vers:generic/Prisma Access>=10.2.10-h14","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-33"}},{"category":"product_version_range","name":"vers:generic/Prisma Access>=10.2.4-h25","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-37"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2025-4619","product_status":{"fixed":["PANW-PAN-OS-656","PANW-PAN-OS-645","PANW-PAN-OS-753","PANW-PAN-OS-609","PANW-PAN-OS-755","PANW-PAN-OS-644","PANW-PAN-OS-655","PANW-PAN-OS-654","PANW-PAN-OS-535","PANW-PAN-OS-643","PANW-PAN-OS-649","PANW-PAN-OS-653","PANW-PAN-OS-652","PANW-PAN-OS-648","PANW-PAN-OS-647","PANW-PAN-OS-646","PANW-Prisma-Access-35","PANW-Prisma-Access-33"],"known_affected":["PANW-PAN-OS-656","PANW-PAN-OS-755","PANW-PAN-OS-757","PANW-PAN-OS-759","PANW-PAN-OS-761","PANW-PAN-OS-535","PANW-PAN-OS-763","PANW-PAN-OS-765","PANW-PAN-OS-767","PANW-PAN-OS-769","PANW-PAN-OS-667","PANW-Prisma-Access-33","PANW-Prisma-Access-37"],"known_not_affected":["PANW-Cloud-NGFW-1","PANW-PAN-OS-724","PANW-PAN-OS-118"]},"notes":[{"category":"description","text":"A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.\n\nWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."}],"references":[{"category":"external","summary":"NVD - CVE-2025-4619","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4619"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2025-4619","url":"https://security.paloaltonetworks.com/CVE-2025-4619"}],"threats":[{"category":"impact","description":"A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.\n\nWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.7,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"},"products":["PANW-PAN-OS-656","PANW-PAN-OS-755","PANW-PAN-OS-757","PANW-PAN-OS-759","PANW-PAN-OS-761","PANW-PAN-OS-535","PANW-PAN-OS-763","PANW-PAN-OS-765","PANW-PAN-OS-767","PANW-PAN-OS-769","PANW-PAN-OS-667","PANW-Prisma-Access-33","PANW-Prisma-Access-37"]}]}]}