CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h15 / 10.2.x < 10.2.13-h7 / 11.1.x < 11.1.6-h14 / 11.2.x < 11.2.6 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h15, 10.2.x prior to 10.2.13-h7, 11.1.x prior to 11.1.6-h14, or 11.2.x prior to 11.2.6. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS...