Palo Alto PAN-OS Auth Admin Impersonation via Web UI
CVE-2025-0125 Published on April 11, 2025
PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator.
The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW and all Prisma® Access instances.
Timeline
Initial Publication
Weakness Type
Improper Neutralization of Script in Attributes in a Web Page
The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Products Associated with CVE-2025-0125
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 11.2.0 and below 11.2.5 is affected.
- Version 11.1.0 and below 11.1.5 is affected.
- Version 11.0.0 and below 11.0.6 is affected.
- Version 10.2.0 and below 10.2.11 is affected.
- Version 10.1.0 and below 10.1.14-h11 is affected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.