Improper Input Neutralization Vulnerability in Palo Alto Networks PAN-OS Management Interface
CVE-2025-0137

2LOW

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os
Vendor: CVE Published:; 14 May 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-0137?

An improper input neutralization vulnerability exists within the management web interface of Palo Alto Networks PAN-OS software. This flaw allows an authenticated administrator with read-write access to impersonate another legitimate authenticated PAN-OS administrator. To mitigate the risk of this vulnerability, it is essential to restrict access to the management web interface to trusted internal IP addresses. Following Palo Alto Networks' recommended deployment guidelines can significantly enhance your security posture.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.5

PAN-OS 11.1.0 < 11.1.8

PAN-OS 10.2.0 < 10.2.13

References

https://security.paloaltonetworks.com/CVE-2025-0137

vendor-advisory

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 14, 2025
Vulnerability published
May 14, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Jasper Westerman, Harm Blankers and Yanick de Pater of REQON B.V.

a customer