CVE-2025-0136

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.

This issue does not affect Cloud NGFWs, Prisma Access instances, or  PAN-OS VM-Series firewalls.

NOTE: The AES-128-CCM encryption algorithm is not recommended for use.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
palo_altoCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2025-0136