Session Management Vulnerability in Palo Alto Networks Prisma Cloud Compute Edition
CVE-2025-0138

2LOW

Key Information:

Vendor

Palo Alto Networks
Status
Prisma Cloud Compute Edition
Compute In Prisma Cloud Enterprise Edition
Vendor
CVE Published:
14 May 2025

Badges

👾 Exploit Exists

What is CVE-2025-0138?

A vulnerability in the web interface of Palo Alto Networks Prisma Cloud Compute Edition allows user sessions to persist even after a user is deleted. This flaw compromises the security of the application, enabling unauthorized access to sensitive data and system resources. It is important for users of Prisma Cloud Compute Edition to take immediate action to manage their sessions effectively and ensure that they are aware of potential risks associated with this vulnerability.

Affected Version(s)

Prisma Cloud Compute Edition 1 < 34.00.141

Compute in Prisma Cloud Enterprise Edition All

References

https://security.paloaltonetworks.com/CVE-2025-0138
vendor-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maciej Pypec of ING
.
CVE-2025-0138 : Session Management Vulnerability in Palo Alto Networks Prisma Cloud Compute Edition