CVE-2025-4615

Medium CVSS: 5.5

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Vendor

Paloaltonetworks

Product

Pan-os

CWE

CWE-83

Yayın Tarihi

2025-10-09 19:15:43

Güncelleme

2026-04-01 01:16:39

Source Identifier

psirt@paloaltonetworks.com

KEV Date Added

Kategoriler

CWE-83 Pan-os MEDIUM Paloaltonetworks 2025

Referanslar

https://security.paloaltonetworks.com/CVEN-2025-4615

Benzer Kayıtlar

Medium

CVE-2026-0227

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (…

Medium

CVE-2025-4614

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to…

Low

CVE-2025-4227

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/g…

High

CVE-2025-4231

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform…

High

CVE-2025-4232

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™…

Medium

CVE-2025-0135

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a…