CVE-2025-0136

EUVD-2025-14904
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.

This issue does not affect Cloud NGFWs, Prisma® Access instances, or  PAN-OS VM-Series firewalls.

NOTE: The AES-128-CCM encryption algorithm is not recommended for use.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2025-0136