{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025)"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2025-0018","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-03-06T01:50:43.397Z","generator":{"date":"2026-03-06T01:50:43.397Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"PAN-SA-2025-0018","initial_release_date":"2025-11-12T17:00:00.000Z","revision_history":[{"number":"1","date":"2025-11-12T09:00:00.000Z","summary":"Initial Publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Prisma Browser","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Prisma Browser<142.15.2.60","product":{"name":"Palo Alto Networks Prisma Browser","product_id":"PANW-Prisma-Browser-51"}},{"category":"product_version_range","name":"vers:generic/Prisma Browser>=142.15.6.60","product":{"name":"Palo Alto Networks Prisma Browser","product_id":"PANW-Prisma-Browser-53"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2025-12428","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Type Confusion in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12428","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12428"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Type Confusion in V8"}]},{"cve":"CVE-2025-12429","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Inappropriate implementation in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12429","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12429"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Inappropriate implementation in V8"}]},{"cve":"CVE-2025-12430","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Object lifecycle issue in Media"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12430","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12430"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Object lifecycle issue in Media"}]},{"cve":"CVE-2025-12431","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Inappropriate implementation in Extensions"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12431","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12431"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Inappropriate implementation in Extensions"}]},{"cve":"CVE-2025-12432","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Race in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12432","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12432"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Race in V8"}]},{"cve":"CVE-2025-12433","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Inappropriate implementation in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12433","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12433"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Inappropriate implementation in V8"}]},{"cve":"CVE-2025-12036","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Inappropriate implementation in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12036","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12036"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Inappropriate implementation in V8"}]},{"cve":"CVE-2025-12434","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Race in Storage"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12434","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12434"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Race in Storage"}]},{"cve":"CVE-2025-12435","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Incorrect security UI in Omnibox"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12435","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12435"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Incorrect security UI in Omnibox"}]},{"cve":"CVE-2025-12436","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Policy bypass in Extensions"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12436","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12436"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Policy bypass in Extensions"}]},{"cve":"CVE-2025-12437","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Use after free in PageInfo"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12437","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12437"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Use after free in PageInfo"}]},{"cve":"CVE-2025-12438","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Use after free in Ozone"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12438","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12438"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Use after free in Ozone"}]},{"cve":"CVE-2025-12439","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Inappropriate implementation in App-Bound Encryption"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12439","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12439"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Inappropriate implementation in App-Bound Encryption"}]},{"cve":"CVE-2025-12440","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Inappropriate implementation in Autofill"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12440","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12440"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Inappropriate implementation in Autofill"}]},{"cve":"CVE-2025-12441","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Out of bounds read in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12441","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12441"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Out of bounds read in V8"}]},{"cve":"CVE-2025-12443","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Out of bounds read in WebXR"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12443","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12443"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Out of bounds read in WebXR"}]},{"cve":"CVE-2025-12444","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Incorrect security UI in Fullscreen UI"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12444","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12444"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Incorrect security UI in Fullscreen UI"}]},{"cve":"CVE-2025-12445","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Policy bypass in Extensions"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12445","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12445"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Policy bypass in Extensions"}]},{"cve":"CVE-2025-12446","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Incorrect security UI in SplitView"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12446","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12446"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Incorrect security UI in SplitView"}]},{"cve":"CVE-2025-12447","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Incorrect security UI in Omnibox"}],"references":[{"category":"external","summary":"NVD - CVE-2025-12447","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12447"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Incorrect security UI in Omnibox"}]},{"cve":"CVE-2025-4616","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser"}],"references":[{"category":"external","summary":"NVD - CVE-2025-4616","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4616"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser"}]},{"cve":"CVE-2025-4617","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser"}],"references":[{"category":"external","summary":"NVD - CVE-2025-4617","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4617"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser"}]},{"cve":"CVE-2025-4618","product_status":{"fixed":["PANW-Prisma-Browser-53"],"known_affected":["PANW-Prisma-Browser-51"]},"notes":[{"category":"description","text":"Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser"}],"references":[{"category":"external","summary":"NVD - CVE-2025-4618","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4618"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2025-0018","url":"https://security.paloaltonetworks.com/PAN-SA-2025-0018"}],"threats":[{"category":"impact","description":"Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser"}]}]}