CVE-2025-0126
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.
The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-04-11 02:15:18
Güncelleme
2025-04-11 15:39:52
Source Identifier
psirt@paloaltonetworks.com
KEV Date Added
-