CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-0126

Configurations

No configuration.

History

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Cuando se configura con SAML, una vulnerabilidad de fijación de sesión en el inicio de sesión de GlobalProtect™ permite a un atacante hacerse pasar por un usuario autorizado legítimo y realizar acciones como ese usuario de GlobalProtect. Esto requiere que el usuario legítimo primero haga clic en un enlace malicioso proporcionado por el atacante. El inicio de sesión SAML para la interfaz de administración de PAN-OS® no se verá afectado. Además, este problema no afecta a Cloud NGFW y todas las instancias de Prisma® Access reciben parches de forma proactiva.

11 Apr 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-11 02:15

Updated : 2025-04-11 15:39

NVD link : CVE-2025-0126

Mitre link : CVE-2025-0126

CVE.ORG link : CVE-2025-0126

JSON object : View

Products Affected

No product.

CWE

CWE-384

Session Fixation

{"id": "CVE-2025-0126", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.3, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-11T02:15:18.970", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0126", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "When configured using SAML, a session fixation vulnerability in the GlobalProtect\u2122 login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.\n\nThe SAML login for the PAN-OS\u00ae management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma\u00ae Access instances are proactively patched."}, {"lang": "es", "value": "Cuando se configura con SAML, una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el inicio de sesi\u00f3n de GlobalProtect\u2122 permite a un atacante hacerse pasar por un usuario autorizado leg\u00edtimo y realizar acciones como ese usuario de GlobalProtect. Esto requiere que el usuario leg\u00edtimo primero haga clic en un enlace malicioso proporcionado por el atacante. El inicio de sesi\u00f3n SAML para la interfaz de administraci\u00f3n de PAN-OS\u00ae no se ver\u00e1 afectado. Adem\u00e1s, este problema no afecta a Cloud NGFW y todas las instancias de Prisma\u00ae Access reciben parches de forma proactiva."}], "lastModified": "2025-04-11T15:39:52.920", "sourceIdentifier": "psirt@paloaltonetworks.com"}