PAN-OS VM-Series Cmd Injection: Auth Admin Bypasses to Root
CVE-2025-0127 Published on April 11, 2025
PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Timeline
Initial Publication
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2025-0127 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2025-0127
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 11.2.0 is unaffected.
- Version 11.1.0 is unaffected.
- Version 11.0.0 and below 11.0.4 is affected.
- Version 10.2.0 and below 10.2.9 is affected.
- Version 10.1.0 and below 10.1.14-h13 is affected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.