
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software was disclosed on May 14, 2025 (CVE-2025-0137). The vulnerability affects multiple versions of PAN-OS including 11.2 (< 11.2.5), 11.1 (< 11.1.8), 10.2 (< 10.2.13), and 10.1 (< 10.1.14-h14), while Cloud NGFW is not affected (Palo Security).
The vulnerability is classified as CWE-83 (Improper Neutralization of Script in Attributes in a Web Page) and has been assigned a CVSS Base Score of 1.1 (LOW) with CVSS vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Amber. The vulnerability requires network access to the management web interface and high privileges (authenticated read-write administrator access) to exploit (Palo Security, NVD).
If successfully exploited, this vulnerability allows a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The impact is limited due to the high privilege requirement and the necessity of network access to the management web interface (Palo Security).
Palo Alto Networks has released fixed versions: 11.2.5 or later for PAN-OS 11.2, 11.1.8 or later for PAN-OS 11.1, 10.2.13 or later for PAN-OS 10.2, and 10.1.14-h14 or later for PAN-OS 10.1. Additionally, organizations can greatly reduce the risk by restricting access to the management web interface to only trusted internal IP addresses according to the recommended critical deployment guidelines (Palo Security).
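To turn the fixed-version list above into a repeatable check, the following script compares PAN-OS version strings against the advisory's thresholds. It is an added example, not code from Palo Alto Networks, Wiz or the advisory; it assumes the version format the advisory itself uses (major.minor.patch with an optional "-hN" hotfix suffix) and treats a version with no hotfix suffix as hotfix 0, so that 10.1.14 sorts below 10.1.14-h14. Trains not named in the advisory are reported as "not in advisory" rather than guessed at; the inventory is constructed sample data.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases per PAN-OS train, as stated in the advisory for CVE-2025-0137.
# Tuple layout: (major, minor, patch, hotfix); hotfix is 0 when no "-hN" suffix is present.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (11, 2): (11, 2, 5, 0),
    (11, 1): (11, 1, 8, 0),
    (10, 2): (10, 2, 13, 0),
    (10, 1): (10, 1, 14, 14),
}

# Matches "11.2.4" and "10.1.14-h14"; the hotfix group is optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse '10.1.14-h14' into (10, 1, 14, 14) and '11.2.4' into (11, 2, 4, 0).

    Raises ValueError on anything that does not look like a PAN-OS version,
    so a typo in an inventory is surfaced instead of silently marked safe.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version: str) -> Optional[bool]:
    """True if below the fixed release for its train, False if at or above it.

    Returns None when the major.minor train is not covered by the advisory,
    so callers can report "unknown" rather than assuming the device is safe.
    """
    parsed = parse_panos_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        return None
    # Tuple comparison handles the hotfix component: (10,1,14,0) < (10,1,14,14).
    return parsed < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status label for a {hostname: version} inventory."""
    labels = {True: "affected", False: "fixed", None: "not in advisory"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "fw-edge-01": "10.1.14-h13",
        "fw-edge-02": "10.1.14-h14",
        "fw-dc-01": "11.2.4",
        "fw-dc-02": "11.2.5",
        "fw-lab-01": "12.1.0",
    }
    for host, status in triage(sample).items():
        print(f"{host:<12} {sample[host]:<12} {status}")
```

Pairing this with the advisory's other recommendation is straightforward: a device reported as "affected" should be scheduled for upgrade, and in the meantime its management interface should be reachable only from the trusted internal addresses the deployment guidelines call for.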
The vulnerability was discovered and reported by Jasper Westerman, Harm Blankers and Yanick de Pater of REQON B.V., along with a customer. The relatively low CVSS score and high privilege requirement have resulted in a moderate urgency classification by Palo Alto Networks (Wiz).
Source: This report was generated using AI