Session Fixation Vulnerability in GlobalProtect by Palo Alto Networks
CVE-2025-0126

8.3HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 11 April 2025

Badges

👾 Exploit Exists

Summary

A session fixation vulnerability in GlobalProtect's SAML login allows attackers to impersonate legitimate users by tricking them into clicking a malicious link. Once exploited, the attacker can perform actions as the compromised user. It is important to note that the SAML login for the PAN-OS management interface remains unaffected by this issue. Furthermore, Cloud NGFW and all instances of Prisma Access have been proactively patched to prevent exploitation.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.3

PAN-OS 11.1.0 < 11.1.5

PAN-OS 11.0.0 < 11.0.6

References

https://security.paloaltonetworks.com/CVE-2025-0126

vendor-advisory

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

👾
Exploit known to exist
Apr 11, 2025
Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

D'Angelo Gonzalez of CrowdStrike