{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2025-0005","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:52:45.480Z","generator":{"date":"2026-04-11T00:52:45.480Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"PAN-SA-2025-0005","initial_release_date":"2025-02-12T17:00:00.000Z","revision_history":[{"number":"1","date":"2025-02-12T09:00:00.000Z","summary":"Initial Publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Cloud NGFW","category":"product_name","branches":[{"category":"product_version","name":"Cloud NGFW All","product":{"name":"Palo Alto Networks Cloud NGFW","product_id":"PANW-Cloud-NGFW-1"}}]},{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version","name":"PAN-OS All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-1"}}]},{"name":"Prisma Access","category":"product_name","branches":[{"category":"product_version","name":"Prisma Access All","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-1"}}]}]}]},"vulnerabilities":[{"cve":"PAN-SA-2025-0005","product_status":{"known_affected":["PANW-PAN-OS-1","PANW-Prisma-Access-1"],"known_not_affected":["PANW-Cloud-NGFW-1"]},"notes":[{"category":"description","text":"Palo Alto Networks GlobalProtect Clientless VPN is intended to provide secure remote access to trusted internal 
applications. It is not meant to provide access to the Internet, intranet or multiple websites.\n\nWhen the Clientless VPN is misconfigured to allow access to the Internet or any internal website, it allows malicious scripts on one site to obtain sensitive information or modify the content of any application accessible through the VPN, including the Clientless VPN itself.\n\nFor further details about the risks of Clientless VPNs, please refer to https://www.kb.cert.org/vuls/id/261869\n\n"}],"references":[{"category":"external","summary":"NVD - PAN-SA-2025-0005","url":"https://nvd.nist.gov/vuln/detail/PAN-SA-2025-0005"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0005"}],"threats":[{"category":"impact","description":"Palo Alto Networks GlobalProtect Clientless VPN is intended to provide secure remote access to trusted internal applications. It is not meant to provide access to the Internet, intranet or multiple websites.\n\nWhen the Clientless VPN is misconfigured to allow access to the Internet or any internal website, it allows malicious scripts on one site to obtain sensitive information or modify the content of any application accessible through the VPN, including the Clientless VPN itself.\n\nFor further details about the risks of Clientless VPNs, please refer to 
https://www.kb.cert.org/vuls/id/261869\n\n"}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"NONE","baseScore":0,"threatSeverity":"NONE","threatScore":0,"vectorString":"CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},"products":["PANW-PAN-OS-1","PANW-Prisma-Access-1"]}]}]}