Authenticated Admin Bypass in PAN-OS Web UI (CVE-2025-4615)
CVE-2025-4615 Published on October 9, 2025

PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.


Timeline

Updated fix version for 11.1.0.

Updated Fixed Software Versions

Initial Publication

Updated exploit maturity 175 days later.

Weakness Type

Improper Neutralization of Script in Attributes in a Web Page

The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.


Products Associated with CVE-2025-4615

Affected Versions

Palo Alto Networks Cloud NGFW:
Palo Alto Networks PAN-OS:
Palo Alto Networks Prisma Access:

Exploit Probability

EPSS: 0.05%
Percentile: 16.46%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.