PAN-OS CVE-2025-4231

EUVD-2025-18223 | HIGH | Command Injection (CWE-77)
2025-06-13 | psirt@paloaltonetworks.com
CVSS 3.1: 7.2

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

6 events

Analysis Updated: Apr 16, 2026 - 06:39 (EUVD-patch-fix): executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch): patch_released
Patch available: Apr 16, 2026 - 05:29 (EUVD): 10.2.8, 11.0.3
EUVD ID Assigned: Mar 14, 2026 - 21:34 (euvd): EUVD-2025-18223
Analysis Generated: Mar 14, 2026 - 21:34 (vuln.today)
CVE Published: Jun 13, 2025 - 00:15 (nvd): HIGH 7.2

Description (NVD)

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.

The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Analysis (AI)

CVE-2025-4231 is a command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. Exploitation requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. Although the CVSS 3.1 score of 7.2 rates as High, the requirement for administrative credentials (PR:H) significantly limits its practical exploitability in most environments.

Technical Context (AI)

This vulnerability is rooted in CWE-77 (Improper Neutralization of Special Elements used in a Command), which occurs when user-supplied input is inadequately sanitized before being passed to system command execution functions. In PAN-OS, the management web interface likely accepts administrative input for configuration or diagnostic purposes that is then processed by backend shell commands without proper input validation or parameterization. This flaw affects the core PAN-OS operating system running on Palo Alto Networks firewalls and security appliances. The vulnerability is specific to PAN-OS running on physical and virtual firewall instances; Cloud NGFW and Prisma Access architectures (which use different isolation models and API designs) are explicitly not affected, indicating the vulnerability is tied to on-premises appliance management interfaces.

Remediation (AI)

Specific remediation actions:

(1) Apply security patches released by Palo Alto Networks for PAN-OS - check vendor advisory for specific version numbers (typically denoted as PAN-OS X.X.X-hY where Y indicates hotfix number).
(2) Implement network-level access controls restricting the management web interface (typically port 443/HTTPS) to trusted administrative networks only.
(3) Enforce multi-factor authentication (MFA) for all administrative accounts accessing the management interface.
(4) Monitor audit logs for suspicious administrative activity, particularly commands executed with elevated privileges.
(5) Implement the principle of least privilege for administrative accounts - limit to necessary permissions only.
(6) As a temporary mitigation pending patching, restrict administrative access to the management interface via firewall rules or VPN-only access.

For detailed patch version numbers and timelines, consult the official Palo Alto Networks Security Advisory (reference required from vendor).
