CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma Access are not affected by this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
palo_altoCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
paloaltonetworkspan-os
10.2.0 ≤
𝑥
< 10.2.17
paloaltonetworkspan-os
11.1.0 ≤
𝑥
< 11.1.11
paloaltonetworkspan-os
11.2.0 ≤
𝑥
< 11.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVEN-2025-4615