A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2025-4231 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Oct 2025, 12:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.paloaltonetworks.com/CVE-2025-4231 - Vendor Advisory | |
First Time |
Paloaltonetworks pan-os
Paloaltonetworks |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CPE | cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* |
16 Jun 2025, 12:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-13 00:15
Updated : 2025-10-22 12:57
NVD link : CVE-2025-4231
Mitre link : CVE-2025-4231
CVE.ORG link : CVE-2025-4231
JSON object : View
Products Affected
paloaltonetworks
- pan-os
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')