PT-2025-21210 · Palo Alto Networks · Pan-Os

Credited: Xbow +1 · Published: 2025-05-14 · Updated: 2026-02-01 · CVE-2025-0133

CVSS v2.0: 6.4 (Medium) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS GlobalProtect versions (affected versions not specified)

Description: A reflected cross-site scripting (XSS) flaw exists in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software. It allows the execution of malicious JavaScript within the browser of an authenticated user when they click a specially crafted link. The primary risk is phishing attacks that could lead to credential theft, especially if Clientless VPN is enabled. Attackers can create phishing links that appear to originate from the GlobalProtect portal. The vulnerability does not impact the availability of GlobalProtect features or users, nor does it allow attackers to modify the portal or gateway configurations. It is estimated that over 3 million services are potentially affected worldwide. The vulnerability can be exploited by crafting links containing payloads such as %3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/l9uRav4jue%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E. Exploitation may lead to session hijacking and credential theft. The endpoint getconfig.esp is a potential target for XSS attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: XSS

Weakness Enumeration: (not specified)

Related Identifiers: BDU:2025-05718, CVE-2025-0133

Affected Products: Pan-Os