Inappropriate Control Behavior in Prisma Access Browser by Palo Alto Networks
CVE-2025-0129

9.4CRITICAL

Key Information:

Vendor: Palo Alto Networks
Status: Prisma Access Browser
Vendor: CVE Published:; 11 April 2025

Badges

👾 Exploit Exists

Summary

The Prisma Access Browser from Palo Alto Networks is vulnerable to inappropriate control behavior, which could lead to security weaknesses. This vulnerability may allow an attacker to exploit the control mechanisms within the browser, potentially compromising the integrity of user sessions or sensitive data. Users of Prisma Access are encouraged to review the vendor's advisory for detailed information on the vulnerability and recommended mitigation steps.

Affected Version(s)

Prisma Access Browser 0 < 132.83.3017.1

References

https://security.paloaltonetworks.com/PAN-SA-2025-0008

vendor-advisory

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

👾
Exploit known to exist
Apr 11, 2025
Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-0129.