Information Disclosure Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2025-4614

4.8MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 9 October 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-4614?

An information disclosure flaw in Palo Alto Networks PAN-OS allows authenticated administrators to access session tokens of users connected to the firewall web interface. This could lead to potential user impersonation if these tokens are leaked. To mitigate the risks associated with this vulnerability, it's crucial to limit CLI access to only a select group of administrators. Notably, Cloud NGFW and Prisma Access services are not impacted by this issue.

Affected Version(s)

PAN-OS 11.2.0 < 11.2.8

PAN-OS 11.1.0 < 11.1.12

PAN-OS 10.2.0 < 10.2.17

References

https://security.paloaltonetworks.com/CVE-2025-4614

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 9, 2025
Vulnerability published
Oct 9, 2025
Vulnerability Reserved
May 12, 2025

Credit

Visa Inc.

JSON