Reflected XSS Vulnerability in Palo Alto Networks GlobalProtect PAN-OS
CVE-2025-0133

6.9 MEDIUM

Key Information:

CVE Published: 14 May 2025


What is CVE-2025-0133?

CVE-2025-0133 is a reflected cross-site scripting (XSS) vulnerability identified in the GlobalProtect™ features of Palo Alto Networks’ PAN-OS® software. GlobalProtect is a security solution that provides secure access to applications and resources over a virtual private network (VPN). This particular vulnerability allows attackers to execute malicious JavaScript code in the web browsers of authenticated users when they interact with specially crafted links. Such exploitation can result in significant security risks, particularly with the potential for phishing attacks that target users' credentials. While the vulnerability does not compromise the functionality or configurations of the GlobalProtect system itself, it opens the door to attacks that could leverage the appearance of legitimacy associated with the GlobalProtect portal.

Potential Impact of CVE-2025-0133

  1. Credential Theft: The primary threat posed by this vulnerability lies in its potential to facilitate phishing attacks. If an authenticated user clicks on a malicious link, attackers can steal sensitive login credentials, leading to unauthorized access to secure resources and applications.

  2. Limited Confidentiality Risks: For users with Clientless VPN enabled, there is an inherent risk of credential exposure. This vulnerability can exacerbate those risks, particularly by allowing attackers to craft phishing links that appear to originate from the legitimate GlobalProtect portal.

  3. Increased Phishing Risk: The ability to execute script in the context of a user’s session could lead to an increase in successful phishing attempts, heightening the overall risk of social engineering attacks that target enterprise environments relying on GlobalProtect for secure access.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.8

PAN-OS 11.1.0 < 11.1.11

PAN-OS 10.2.0 < 10.2.17

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.

News Articles

Critical Vulnerability in Palo Alto GlobalProtect Gateway & Portal Enables Remote Code Execution

Reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks’ GlobalProtect gateway and portal features (CVE-2025-0133) has been disclosed.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Public PoC available

  • Vulnerability started trending

  • First article discovered by GBHackers News

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

XBOW Security