CVE-2025-0128

11.04.2025, 02:15

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.

Cloud NGFW is not affected by this vulnerability. Prisma Access software is proactively patched and protected from this issue.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
palo_alto	CNA	---	---
CISA-ADP	ADP	---	---

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Common Weakness Enumeration

CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

References

https://security.paloaltonetworks.com/CVE-2025-0128