Palo Alto Networks Security Advisories

1 - 25 of 438

CVSS	Summary	Versions	Affected	Unaffected	Published	Updated
2.2	CVE-2025-0118 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability	GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App	None on macOS, Linux, iOS, Android, Chrome OS < 6.3.3 on Windows < 6.2.5 on Windows < 6.1.6 on Windows < 6.0.11 on Windows None	All on macOS, Linux, iOS, Android, Chrome OS >= 6.3.3 on Windows >= 6.2.5 on Windows >= 6.1.6 on Windows >= 6.0.11 on Windows All	2025-03-12	2025-03-12
4.3	CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability	GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect UWP App	None on iOS, None on Android, None on Chrome OS, None on macOS < 6.3.3 on Windows < 6.2.6 on Windows All on Windows All on Windows None	All on iOS, All on Android, All on Chrome OS, All on macOS >= 6.3.3 on Windows (ETA: April 2025) >= 6.2.6 on Windows None on Windows None on Windows All	2025-03-12	2025-03-12
4.3	CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.5 < 11.1.8 < 10.2.13-h5, < 10.2.14 < 10.1.14-h11 None	All >= 11.2.5 >= 11.1.8 (ETA: 3/13/2025) >= 10.2.13-h5, >= 10.2.14 (ETA: 4/3/2025) >= 10.1.14-h11 All	2025-03-12	2025-03-12
4.3	CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.3 < 11.1.5 < 11.0.6 < 10.2.11 < 10.1.14-h11 None	All >= 11.2.3 >= 11.1.5 >= 11.0.6 >= 10.2.11 >= 10.1.14-h11 All	2025-03-12	2025-03-12
4.6	CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None None None < 11.0.2 < 10.2.5 < 10.1.14-h11 None	All All All >= 11.0.2 >= 10.2.5 >= 10.1.14-h11 All	2025-03-12	2025-03-12
7.6	PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025)	Prisma Access Browser	< 133.16.4.99	>= 134.7.4.44	2025-03-12	2025-03-12
4.9	CVE-2025-0113 Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers	Cortex XDR Broker VM	< 26.0.116	>= 26.0.116	2025-02-12	2025-02-12
i	PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS	PAN-OS	None	All	2025-02-12	2025-02-12
i	PAN-SA-2025-0005 GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks	Cloud NGFW PAN-OS Prisma Access	None All All	All None None	2025-02-12	2025-02-12
6.1	PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)	Prisma Access Browser	< 132.111.3017.2	>= 133.8.10.54	2025-02-12	2025-02-12
6.6	CVE-2024-1135 Impact of CVE-2024-1135	Cortex XDR Broker VM	< 25.105.6	>= 25.105.6	2025-02-12	2025-02-12
4.3	CVE-2025-0112 Cortex XDR Agent: Local Windows User Can Disable the Agent	Cortex XDR Agent 8.6 Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE	None on Windows < 8.5.1 on Windows All on Windows * < 8.3.101-CE on Windows	All on Windows >= 8.5.1 on Windows None on Windows * >= 8.3.101-CE on Windows	2025-02-12	2025-02-12
7.1	CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.4-h4, < 11.2.5 < 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1 < 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3 < 10.1.14-h9 None	All >= 11.2.4-h4, >= 11.2.5 >= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1 >= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3 >= 10.1.14-h9 All	2025-02-12	2025-03-06
7.3	CVE-2025-0110 PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin	PAN-OS OpenConfig Plugin	< 2.1.2	>= 2.1.2	2025-02-12	2025-02-21
5.5	CVE-2025-0109 PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.4-h4, < 11.2.5 < 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1 < 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3 < 10.1.14-h9 None	All >= 11.2.4-h4, >= 11.2.5 >= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1 >= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3 >= 10.1.14-h9 All	2025-02-12	2025-03-06
8.8	CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.4-h4, < 11.2.5 < 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1 < 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3 < 10.1.14-h9 None	All >= 11.2.4-h4, >= 11.2.5 >= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1 >= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3 >= 10.1.14-h9 All	2025-02-12	2025-03-06
i	PAN-SA-2025-0003 Informational: PAN-OS BIOS and Bootloader Security Bulletin	Cloud NGFW PAN-OS Prisma Access	None All on PA-3200, PA-5200, PA-7000 None	All None on PA-3200, PA-5200, PA-7000. No other platforms are affected All	2025-01-23	2025-01-27
6.1	PAN-SA-2025-0002 Chromium: Monthly Vulnerability Updates	Prisma Access Browser	< 131.140.2943.21	>= 131.205.2943.22	2025-01-08	2025-01-08
7.8	PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials	Cloud NGFW Expedition 1 Panorama PAN-OS Prisma Access	None < 1.2.101 None None None	All >= 1.2.101 All All All	2025-01-08	2025-01-15
8.7	CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet	Cloud NGFW PAN-OS PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 Prisma Access	None None on Panorama < 11.2.3 < 11.1.2-h16, < 11.1.3-h13, < 11.1.4-h7, < 11.1.5 >= 10.2.8, < 10.2.8-h19, < 10.2.9-h19, < 10.2.10-h12, < 10.2.11-h10, < 10.2.12-h4, < 10.2.13-h2, < 10.2.14 >= 10.1.14, < 10.1.14-h8, < 10.1.15 None None >= 10.2.8 on PAN-OS, < 10.2.9-h19 on PAN-OS, < 10.2.10-h12 on PAN-OS, < 11.2.3 on PAN-OS	All All on Panorama >= 11.2.3 >= 11.1.2-h16, >= 11.1.3-h13, >= 11.1.4-h7, >= 11.1.5 < 10.2.8, >= 10.2.8-h19, >= 10.2.9-h19, >= 10.2.10-h12, >= 10.2.11-h10, >= 10.2.12-h4, >= 10.2.13-h2, >= 10.2.14 < 10.1.14, >= 10.1.14-h8, >= 10.1.15 All All < 10.2.8 on PAN-OS, >= 10.2.9-h19 on PAN-OS, >= 10.2.10-h12 on PAN-OS, >= 11.2.3 on PAN-OS	2024-12-27	2025-01-30
6.1	PAN-SA-2024-0017 Chromium: Monthly Vulnerability Updates	Prisma Access Browser	< 131.86.2955.0	>= 131.109.2968.0	2024-12-11	2024-12-11
5.6	CVE-2024-5921 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation	GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect App 6.1 GlobalProtect App 6.0 GlobalProtect App 5.1	< 6.3.2* on Windows, < 6.3.2* on macOS < 6.2.6* on Windows, < 6.2.6-c857* on macOS, < 6.2.1-c31* on Linux, < 6.2.6* on Windows UWP All on Windows, All on macOS, All on Linux, < 6.1.6* on Android, < 6.1.7* on iOS None on FIPS-CC mode None on FIPS-CC mode	>= 6.3.2* on Windows, >= 6.3.2* on macOS >= 6.2.6* on Windows, >= 6.2.6-c857* on macOS, >= 6.2.1-c31* on Linux, >= 6.2.6* on Windows UWP (ETA: end of Feb) None on Windows, None on macOS, None on Linux, >= 6.1.6* on Android, >= 6.1.7* on iOS All on FIPS-CC mode All on FIPS-CC mode	2024-11-26	2025-03-06
9.3	CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.0-h1, < 11.2.1-h1, < 11.2.2-h2, < 11.2.3-h3, < 11.2.4-h1 < 11.1.0-h4, < 11.1.1-h2, < 11.1.2-h15, < 11.1.3-h11, < 11.1.4-h7, < 11.1.5-h1 < 11.0.0-h4, < 11.0.1-h5, < 11.0.2-h5, < 11.0.3-h13, < 11.0.4-h6, < 11.0.5-h2, < 11.0.6-h1 < 10.2.0-h4, < 10.2.1-h3, < 10.2.2-h6, < 10.2.3-h14, < 10.2.4-h32, < 10.2.5-h9, < 10.2.6-h6, < 10.2.7-h18, < 10.2.8-h15, < 10.2.9-h16, < 10.2.10-h9, < 10.2.11-h6, < 10.2.12-h2 None None	All >= 11.2.0-h1, >= 11.2.1-h1, >= 11.2.2-h2, >= 11.2.3-h3, >= 11.2.4-h1 >= 11.1.0-h4, >= 11.1.1-h2, >= 11.1.2-h15, >= 11.1.3-h11, >= 11.1.4-h7, >= 11.1.5-h1 >= 11.0.0-h4, >= 11.0.1-h5, >= 11.0.2-h5, >= 11.0.3-h13, >= 11.0.4-h6, >= 11.0.5-h2, >= 11.0.6-h1 >= 10.2.0-h4, >= 10.2.1-h3, >= 10.2.2-h6, >= 10.2.3-h14, >= 10.2.4-h32, >= 10.2.5-h9, >= 10.2.6-h6, >= 10.2.7-h18, >= 10.2.8-h15, >= 10.2.9-h16, >= 10.2.10-h9, >= 10.2.11-h6, >= 10.2.12-h2 All All	2024-11-18	2025-03-03
6.9	CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface	Cloud NGFW PAN-OS 11.2 PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 Prisma Access	None < 11.2.0-h1, < 11.2.1-h1, < 11.2.2-h2, < 11.2.3-h3, < 11.2.4-h1 < 11.1.0-h4, < 11.1.1-h2, < 11.1.2-h15, < 11.1.3-h11, < 11.1.4-h7, < 11.1.5-h1 < 11.0.0-h4, < 11.0.1-h5, < 11.0.2-h5, < 11.0.3-h13, < 11.0.4-h6, < 11.0.5-h2, < 11.0.6-h1 < 10.2.0-h4, < 10.2.1-h3, < 10.2.2-h6, < 10.2.3-h14, < 10.2.4-h32, < 10.2.5-h9, < 10.2.6-h6, < 10.2.7-h18, < 10.2.8-h15, < 10.2.9-h16, < 10.2.10-h9, < 10.2.11-h6, < 10.2.12-h2 < 10.1.3-h4, < 10.1.6-h9, < 10.1.8-h8, < 10.1.9-h14, < 10.1.10-h9, < 10.1.11-h10, < 10.1.12-h3, < 10.1.13-h5, < 10.1.14-h6 None	All >= 11.2.0-h1, >= 11.2.1-h1, >= 11.2.2-h2, >= 11.2.3-h3, >= 11.2.4-h1 >= 11.1.0-h4, >= 11.1.1-h2, >= 11.1.2-h15, >= 11.1.3-h11, >= 11.1.4-h7, >= 11.1.5-h1 >= 11.0.0-h4, >= 11.0.1-h5, >= 11.0.2-h5, >= 11.0.3-h13, >= 11.0.4-h6, >= 11.0.5-h2, >= 11.0.6-h1 >= 10.2.0-h4, >= 10.2.1-h3, >= 10.2.2-h6, >= 10.2.3-h14, >= 10.2.4-h32, >= 10.2.5-h9, >= 10.2.6-h6, >= 10.2.7-h18, >= 10.2.8-h15, >= 10.2.9-h16, >= 10.2.10-h9, >= 10.2.11-h6, >= 10.2.12-h2 >= 10.1.3-h4, >= 10.1.6-h9, >= 10.1.8-h8, >= 10.1.9-h14, >= 10.1.10-h9, >= 10.1.11-h10, >= 10.1.12-h3, >= 10.1.13-h5, >= 10.1.14-h6 All	2024-11-18	2024-11-21
8.6	PAN-SA-2024-0016 Chromium: Monthly Vulnerability Updates	Prisma Access Browser	< 130.59.2920.7	>= 130.117.2920.13	2024-11-13	2024-11-13

1 - 25 of 438 Download