CVE-2025-0130
HIGH EPSS 27.7%
Published May 14, 20251y ago · Modified Jun 17, 20261w ago
8.2 CVSS 4.0
Published May 14, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
27.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-754
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| paloaltonetworks | pan-os | * | ≥11.1.0 – <11.1.6 |
| paloaltonetworks | pan-os | * | ≥11.2.0 – <11.2.5 |
| paloaltonetworks | pan-os | 11.1.7 | any |
| paloaltonetworks | pan-os | 11.1.7 | any |
References 1
- security.paloaltonetworks.com https://security.paloaltonetworks.com/CVE-2025-0130
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.