Denial of Service Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2025-0128

5.3MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 11 April 2025

Badges

📈 Score: 382👾 Exploit Exists

What is CVE-2025-0128?

CVE-2025-0128 is a denial-of-service (DoS) vulnerability found in the Simple Certificate Enrollment Protocol (SCEP) feature of Palo Alto Networks' PAN-OS software. PAN-OS is designed to operate as a security operating system for next-generation firewalls, providing advanced threat protection and securing network traffic. This vulnerability allows an unauthenticated attacker to exploit the SCEP authentication mechanism by sending a specially crafted packet, which can lead to system reboots. If exploited repeatedly, the firewall enters maintenance mode, which can disrupt network security and accessibility for organizations relying on this software.

Technical Details

The vulnerability arises from the SCEP feature within PAN-OS, which is intended for automated certificate management and authentication processes. An attacker can send malicious packets to the system, prompting a reboot and potentially forcing the system into maintenance mode after repeated attempts. This unauthorized access does not require credentials, significantly increasing the risk for exposed devices. Palo Alto Networks has confirmed that their Cloud NGFW service is not vulnerable, and the Prisma Access software has been proactively secured against this issue.

Potential impact of CVE-2025-0128

Network Disruption: Organizations may experience significant interruptions in service availability as their firewalls frequently reboot or enter maintenance mode, which could lead to loss of control over network traffic and increased vulnerability to other attacks.
Security Lapse: With firewalls unable to function properly, there is a heightened risk of unauthorized access to the network. This situation can expose sensitive data and critical infrastructure to potential breaches or attacks.
Operational Downtime: Frequent reboots and maintenance mode can lead to operational challenges for organizations, hindering productivity and potentially affecting overall business operations while IT teams work to address the vulnerability.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.3

PAN-OS 11.1.0 < 11.1.5

PAN-OS 11.0.0 < 11.0.6

References

https://security.paloaltonetworks.com/CVE-2025-0128

vendor-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 11, 2025
Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Abyss Watcher