CVE-2025-0130

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-0130	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::h1::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1::::::

History

06 Oct 2025, 16:18

Type	Values Removed	Values Added
CPE		cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os::h1::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1::::::
References	~~() https://security.paloaltonetworks.com/CVE-2025-0130 -~~	() https://security.paloaltonetworks.com/CVE-2025-0130 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Paloaltonetworks pan-os Paloaltonetworks

16 May 2025, 14:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 18:15

Updated : 2025-10-06 16:18

NVD link : CVE-2025-0130

Mitre link : CVE-2025-0130

CVE.ORG link : CVE-2025-0130

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2025-0130", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-14T18:15:29.723", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0130", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "A missing exception check in Palo Alto Networks PAN-OS\u00ae software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.\n\nThis issue does not affect Cloud NGFW or Prisma Access."}, {"lang": "es", "value": "Una comprobaci\u00f3n de excepci\u00f3n faltante en el software PAN-OS\u00ae de Palo Alto Networks con la funci\u00f3n de proxy web habilitada permite que un atacante no autenticado env\u00ede una r\u00e1faga de paquetes maliciosos que provocan que el firewall deje de responder y, finalmente, se reinicie. Los intentos repetidos de activar esta condici\u00f3n har\u00e1n que el firewall entre en modo de mantenimiento. Este problema no afecta a Cloud NGFW ni a Prisma Access."}], "lastModified": "2025-10-06T16:18:22.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A95C11-17B8-45BB-8A73-B0896C136935", "versionEndExcluding": "11.1.6", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87CF5534-403B-4BC4-9E36-677BE4ACE3E4", "versionEndExcluding": "11.2.5", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B56778-2698-493D-80AD-B4AE81F48124"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}