PT-2025-25362 · Palo Alto Networks · Pan-Os
Spcnvdr
·
Published
2025-06-11
·
Updated
2025-10-22
·
CVE-2025-4231
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks PAN-OS (affected versions not specified)
Description
A command injection issue exists in Palo Alto Networks PAN-OS. Successful exploitation allows an authenticated administrative user to execute commands with root privileges. An attacker requires network access to the management web interface and valid authentication to exploit this issue. Cloud NGFW and Prisma Access are not affected. The vulnerability involves a failure to properly sanitize data at the management level.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os