Information Disclosure Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2025-4614

4.8MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 9 October 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-4614?

An information disclosure flaw in Palo Alto Networks PAN-OS allows authenticated administrators to access session tokens of users connected to the firewall web interface. This could lead to potential user impersonation if these tokens are leaked. To mitigate the risks associated with this vulnerability, it's crucial to limit CLI access to only a select group of administrators. Notably, Cloud NGFW and Prisma Access services are not impacted by this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PAN-OS 11.2.0 < 11.2.8

PAN-OS 11.1.0 < 11.1.12

PAN-OS 10.2.0 < 10.2.17

References

https://security.paloaltonetworks.com/CVE-2025-4614

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

👾
Exploit known to exist
Oct 9, 2025
Vulnerability published
Oct 9, 2025
Vulnerability Reserved
May 12, 2025

Credit

Visa Inc.

JSON

Palo Alto Networks

Badges

What is CVE-2025-4614?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.