CVE-2025-0133
PAN-OS CVE-2025-0133 describes a reflected XSS in the GlobalProtect gateway and portal, exploitable by an authenticated Captive Portal user via a specially crafted link to execute malicious JavaScript in the user’s browser. The primary risk is phishing/credential theft, with limited confidentiali...