CVE-2025-0126

11.04.2025, 02:15

When configured using SAML, a session fixation vulnerability in the GlobalProtect login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.

The SAML login for the PAN-OS management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma Access instances are proactively patched.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
palo_alto	CNA	---	---
CISA-ADP	ADP	---	---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Common Weakness Enumeration

CWE-384 - Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

https://security.paloaltonetworks.com/CVE-2025-0126