Information Disclosure Vulnerability in Palo Alto Networks PAN-OS® SD-WAN Feature
CVE-2025-4229

6MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 13 June 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-4229?

An information disclosure vulnerability exists in the SD-WAN feature of Palo Alto Networks PAN-OS® software. This security flaw allows unauthorized users to access unencrypted data transmitted from the firewall via the SD-WAN interface. To exploit this vulnerability, an attacker must be positioned in a way to intercept packets sent from the firewall, potentially exposing sensitive information. It's important to note that this vulnerability does not affect Cloud NGFW and Prisma® Access services.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.7

PAN-OS 11.1.0 < 11.1.10

PAN-OS 10.2.0 < 10.2.17

References

https://security.paloaltonetworks.com/CVE-2025-4229

vendor-advisory

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 13, 2025
Vulnerability published
Jun 13, 2025
Vulnerability Reserved
May 2, 2025

Credit

MMS Technology