May 16, 2025
Severity
High
Analysis Summary
CVE-2025-0136 CVSS:5.3
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS firewalls leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.
CVE-2025-0138 CVSS:2
Web sessions in the web interface of Palo Alto Networks Prisma Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.
CVE-2025-0137 CVSS:4.8
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.
CVE-2025-0135 CVSS:5.2
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect app on macOS devices enables a locally authenticated non-administrative user to disable the app.
CVE-2025-0134 CVSS:6.5
A code injection vulnerability in the Palo Alto Networks Cortex XDR Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.
CVE-2025-0133 CVSS:5.1
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.
CVE-2025-0132 CVSS:6.9
A missing authentication vulnerability in Palo Alto Networks Cortex XDR Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.
CVE-2025-0131 CVSS:7.1
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.
CVE-2025-0130 CVSS:8.2
A missing exception check in Palo Alto Networks PAN-OS software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
Impact
- Gain Access
- Cross-Site Scripting
- Privilege Escalation
- Data Manipulation
Indicators of Compromise
CVE
- CVE-2025-0136
- CVE-2025-0137
- CVE-2025-0138
- CVE-2025-0135
- CVE-2025-0134
- CVE-2025-0133
- CVE-2025-0132
- CVE-2025-0131
- CVE-2025-0130
Affected Vendors
Affected Products
- Palo Alto Networks GlobalProtect App
- Palo Alto Networks PAN-OS - 11.0.0 - 11.0.7
- Palo Alto Networks PAN-OS - 10.2.0 - 10.2.11
- Palo Alto Networks PAN-OS - 11.1.0 - 11.1.5
- Palo Alto Networks PAN-OS - 10.1.0 - 10.1.14-h14
- Palo Alto Networks PAN-OS - 10.1.10
- Palo Alto Networks PAN-OS - 10.1.11
- Palo Alto Networks PAN-OS - 10.1.12
- Palo Alto Networks PAN-OS - 10.1.13
- Palo Alto Networks Prisma Cloud Compute Edition - 32.04.113
- Palo Alto Networks Prisma Cloud Compute Edition - 32.05.124
- Palo Alto Networks Prisma Cloud Compute Edition - 32.06.113
- Palo Alto Networks Cortex XDR Broker VM
Remediation
Refer to Palo Alto Networks Security Advisory for patch, upgrade, or suggested workaround information.
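To triage a firewall inventory against the PAN-OS ranges listed under Affected Products, the following added example (not code from this advisory or from Palo Alto Networks) parses PAN-OS version strings, including `-hN` hotfix suffixes, and flags hosts inside a listed range. The hostnames and sample inventory are constructed, and reading an upper bound without a hotfix as covering all hotfixes of that release is an assumption.

```python
import re

# Affected PAN-OS ranges exactly as listed on this page (inclusive bounds).
AFFECTED_PANOS_RANGES = [
    ("10.1.0", "10.1.14-h14"), ("10.2.0", "10.2.11"),
    ("11.0.0", "11.0.7"), ("11.1.0", "11.1.5"),
]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix); a missing -hN counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognized PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def in_listed_range(version):
    """True if the version falls inside one of the ranges listed on this page."""
    parsed = parse_panos_version(version)
    for low, high in AFFECTED_PANOS_RANGES:
        lo, hi = parse_panos_version(low), parse_panos_version(high)
        # Assumption: an upper bound with no hotfix (e.g. 11.1.5) covers every
        # hotfix of that release, since the page does not name the fixed hotfix.
        if "-h" not in high:
            hi = hi[:3] + (float("inf"),)
        if lo <= parsed <= hi:
            return True
    return False


def triage(inventory):
    """Map host -> 'review' / 'not listed' / 'unparsed' for a {host: version} dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "review" if in_listed_range(version) else "not listed"
        except ValueError:
            result[host] = "unparsed"  # keep unknown strings visible, do not drop
    return result


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.1.14-h14", "fw-edge-02": "10.1.14-h15",
    "fw-dc-01": "11.1.5-h1", "fw-dc-02": "11.1.6", "fw-lab-01": "unknown",
}
```

A "not listed" result only means the version is outside the ranges printed on this page; the vendor advisory for each CVE remains the authority on affected and fixed releases.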