Insufficient Policy Enforcement in Prisma® Browser by Palo Alto Networks
CVE-2025-4617

1.1LOW

Key Information:

Vendor: Palo Alto Networks
Status: Prisma Browser
Vendor: CVE Published:; 14 November 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-4617?

An insufficient policy enforcement vulnerability exists in Palo Alto Networks’ Prisma® Browser for Windows, which could allow a locally authenticated non-admin user to bypass critical screenshot control features. This compromise can potentially expose sensitive content and undermine the security measures intended to protect user data. To counteract this risk, it is recommended to enable browser self-protection features.

Affected Version(s)

Prisma Browser 142.15.6.0 <= 142.15.6.60

References

https://security.paloaltonetworks.com/CVE-2025-4617

vendor-advisory

CVSS V4

Score:

1.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Nov 14, 2025
Vulnerability published
Nov 14, 2025
Vulnerability Reserved
May 12, 2025

Credit

Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.

JSON