Palo Alto Networks Security Advisories

1 - 25 of 449
VersionsAffectedUnaffected
4CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on macOS, None on Linux, None on iOS, None on Android, None on Chrome OS
< 6.3.3 on Windows
< 6.2.7-h3 on Windows, < 6.2.8 on Windows
All on Windows
< 6.0.12 on Windows
None
All on macOS, All on Linux, All on iOS, All on Android, All on Chrome OS
>= 6.3.3 on Windows (ETA: End of April 2025)
>= 6.2.7-h3 on Windows, >= 6.2.8 on Windows
None on Windows
>= 6.0.12 on Windows (ETA: May 2025)
All
2025-04-092025-04-21
4.3CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent
Cortex XDR Agent 8.7
Cortex XDR Agent 8.6
Cortex XDR Agent 8.5
Cortex XDR Agent 8.3-CE
Cortex XDR Agent 7.9-CE
None on Windows
< 8.6.1 on Windows
< 8.5.2 on Windows
< 8.3.101-CE HF on Windows
< 7.9.103-CE HF on Windows
All on Windows
>= 8.6.1 on Windows
>= 8.5.2 on Windows
>= 8.3.101-CE HF on Windows
>= 7.9.103-CE HF on Windows
2025-04-092025-04-09
4.9CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets
Prisma SD-WAN 6.5
Prisma SD-WAN 6.4
Prisma SD-WAN 6.3
Prisma SD-WAN 6.2
Prisma SD-WAN 6.1
Prisma SD-WAN 5.6
< 6.5.1
< 6.4.2
< 6.3.4
All
< 6.1.10
All
>= 6.5.1
>= 6.4.2
>= 6.3.4
None
>= 6.1.10
None
2025-04-092025-04-15
1.9CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.6
< 11.1.8
< 10.2.15
< 10.1.14-h13
None
All
>= 11.2.6
>= 11.1.8
>= 10.2.15 (ETA: 05/15)
>= 10.1.14-h13
All
2025-04-092025-04-09
2CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
All
< 11.2.1
< 11.1.5
< 11.0.6
< 10.2.10
< 10.1.14-h11
None
None (ETA end of April)
>= 11.2.1
>= 11.1.5
>= 11.0.6
>= 10.2.10
>= 10.1.14-h11
All
2025-04-092025-04-09
4.4CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.5
< 11.0.6
< 10.2.11
< 10.1.14-h11
None
All
>= 11.2.5
>= 11.1.5
>= 11.0.6
>= 10.2.11
>= 10.1.14-h11
All
2025-04-092025-04-16
5.6CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.3
< 11.1.5
< 11.0.6
< 10.2.4-h25, < 10.2.9-h13, < 10.2.10-h6, < 10.2.11
< 10.1.14-h11
< 10.2.4-h36 on PAN-OS, < 10.2.10-h16 on PAN-OS, < 11.2.4-h5 on PAN-OS
All
>= 11.2.3
>= 11.1.5
>= 11.0.6
>= 10.2.4-h25, >= 10.2.9-h13, >= 10.2.10-h6, >= 10.2.11
>= 10.1.14-h11
>= 10.2.4-h36 on PAN-OS, >= 10.2.10-h16 on PAN-OS, >= 11.2.4-h5 on PAN-OS
2025-04-092025-04-09
4CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None on VM-Series
None on VM-Series
< 11.0.4 on VM-Series
< 10.2.9 on VM-Series
< 10.1.14-h13 on VM-Series
None
All
All on VM-Series
All on VM-Series
>= 11.0.4 on VM-Series
>= 10.2.9 on VM-Series
>= 10.1.14-h13 on VM-Series
All
2025-04-092025-04-09
6.6CVE-2025-0128 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None on PAN-OS
< 11.2.3
< 11.1.5
< 11.0.6
< 10.2.10-h17
< 10.1.14-h11
< 10.2.4-h36 on PAN-OS, < 10.2.10-h16 on PAN-OS, < 11.2.4-h5 on PAN-OS
All on PAN-OS
>= 11.2.3
>= 11.1.5
>= 11.0.6
>= 10.2.10-h17
>= 10.1.14-h11
>= 10.2.4-h36 on PAN-OS, >= 10.2.10-h16 on PAN-OS, >= 11.2.4-h5 on PAN-OS
2025-04-092025-04-09
2.4CVE-2025-0119 Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM
Cortex XDR Broker VM
< 26.100.3
>= 26.100.3
2025-04-092025-04-09
7.6PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly Vulnerability Update (April 2025)
Prisma Access Browser
< 132.83.3017.1
>= 134.29.5.178
2025-04-092025-04-09
2.2CVE-2025-0118 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on macOS, Linux, iOS, Android, Chrome OS
< 6.3.3 on Windows
< 6.2.5 on Windows
< 6.1.6 on Windows
< 6.0.11 on Windows
None
All on macOS, Linux, iOS, Android, Chrome OS
>= 6.3.3 on Windows
>= 6.2.5 on Windows
>= 6.1.6 on Windows
>= 6.0.11 on Windows
All
2025-03-122025-03-12
4.3CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on iOS, None on Android, None on Chrome OS, None on macOS
< 6.3.3 on Windows
< 6.2.6 on Windows
All on Windows
All on Windows
None
All on iOS, All on Android, All on Chrome OS, All on macOS
>= 6.3.3 on Windows (ETA: End of April 2025)*
>= 6.2.6 on Windows*
None on Windows
None on Windows (Fix version ETA: May 2025)
All
2025-03-122025-04-11
4.3CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.4-h17, < 11.1.6-h6, < 11.1.8
< 10.2.10-h17, < 10.2.13-h5, < 10.2.14
< 10.1.14-h11
None
All
>= 11.2.5
>= 11.1.4-h17, >= 11.1.6-h6, >= 11.1.8
>= 10.2.10-h17, >= 10.2.13-h5, >= 10.2.14
>= 10.1.14-h11
All
2025-03-122025-04-04
4.3CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.3
< 11.1.4-h17, < 11.1.5
< 11.0.6
< 10.2.11
< 10.1.14-h11
None
All
>= 11.2.3
>= 11.1.4-h17, >= 11.1.5
>= 11.0.6
>= 10.2.11
>= 10.1.14-h11
All
2025-03-122025-04-02
4.6CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.2
< 10.2.5
< 10.1.14-h11
None
All
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.14-h11
All
2025-03-122025-03-12
7.6PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025)
Prisma Access Browser
< 133.16.4.99
>= 134.7.4.44
2025-03-122025-03-12
4.9CVE-2025-0113 Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
Cortex XDR Broker VM
< 26.0.116
>= 26.0.116
2025-02-122025-02-12
iPAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-OS
None
All
2025-02-122025-02-12
iPAN-SA-2025-0005 GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks
Cloud NGFW
PAN-OS
Prisma Access
None
All
All
All
None
None
2025-02-122025-02-12
6.1PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)
Prisma Access Browser
< 132.111.3017.2
>= 133.8.10.54
2025-02-122025-02-12
6.6CVE-2024-1135 Impact of CVE-2024-1135
Cortex XDR Broker VM
< 25.105.6
>= 25.105.6
2025-02-122025-02-12
4.3CVE-2025-0112 Cortex XDR Agent: Local Windows User Can Disable the Agent
Cortex XDR Agent 8.6
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4
Cortex XDR Agent 8.3-CE
None on Windows
< 8.5.1 on Windows
All on Windows *
< 8.3.101-CE on Windows
All on Windows
>= 8.5.1 on Windows
None on Windows *
>= 8.3.101-CE on Windows
2025-02-122025-02-12
7.1CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.4-h4, < 11.2.5
< 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1
< 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3
< 10.1.14-h9
None
All
>= 11.2.4-h4, >= 11.2.5
>= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1
>= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3
>= 10.1.14-h9
All
2025-02-122025-03-06
7.3CVE-2025-0110 PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
PAN-OS OpenConfig Plugin
< 2.1.2
>= 2.1.2
2025-02-122025-02-21
1 - 25 of 449 Download
© 2025 Palo Alto Networks, Inc. All rights reserved.