CVE-2025-4614

Medium CVSS: 4.8

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Vendor

Paloaltonetworks

Product

Pan-os

CWE

CWE-497

Yayın Tarihi

2025-10-09 19:15:43

Güncelleme

2026-02-06 17:13:34

Source Identifier

psirt@paloaltonetworks.com

KEV Date Added

Kategoriler

CWE-497 Pan-os MEDIUM Paloaltonetworks 2025

Referanslar

https://security.paloaltonetworks.com/CVE-2025-4614

Benzer Kayıtlar

Medium

CVE-2026-0227

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (…

Medium

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® softwar…

Low

CVE-2025-4227

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/g…

High

CVE-2025-4231

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform…

High

CVE-2025-4232

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™…

Medium

CVE-2025-0135

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a…