Inappropriate Control Behavior in Prisma Access Browser by Palo Alto Networks
CVE-2025-0129

8.4HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Prisma Access Browser
Vendor: CVE Published:; 11 April 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-0129?

The Prisma Access Browser from Palo Alto Networks is vulnerable to inappropriate control behavior, which could lead to security weaknesses. This vulnerability may allow an attacker to exploit the control mechanisms within the browser, potentially compromising the integrity of user sessions or sensitive data. Users of Prisma Access are encouraged to review the vendor's advisory for detailed information on the vulnerability and recommended mitigation steps.

Affected Version(s)

Prisma Access Browser 1 < 132.83.3017.1

References

https://security.paloaltonetworks.com/PAN-SA-2025-0008

vendor-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 11, 2025
Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-0129.