CVE-2025-4615

Severity: MEDIUM
Published: 2025-10-09
Score: 5.5 (CVSS 4.0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X (not defined in CVSS 4.0)

Lifecycle Timeline

CVE Published: Oct 09, 2025 - 19:15 (nvd)
Analysis Generated: Apr 01, 2026 - 01:22 (vuln.today)

Description

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Analysis

Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.

Technical Context

The vulnerability stems from improper input neutralization (CWE-83, Improper Neutralization of Script-Related Attributes in a Web Page Used by a Browser) in the PAN-OS management web interface. This weakness allows command injection when an administrator with high-privilege credentials (PR:H in CVSS:4.0) submits crafted input through the web management console. The lack of proper input sanitization before passing user-controlled data to command execution routines enables an authenticated administrator to bypass intended restrictions and achieve arbitrary command execution on the underlying system. Cloud NGFW and Prisma Access deployments are explicitly not affected, suggesting the vulnerability is specific to on-premises PAN-OS instances or certain deployment architectures.

Affected Products

Palo Alto Networks PAN-OS (CPE: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*). The provided CPE string uses a wildcard in the version field, so the record matches PAN-OS broadly without enumerating the specific affected version numbers; treat the wildcard as a placeholder rather than confirmation that every release is vulnerable. Cloud NGFW and Prisma Access deployments are explicitly not affected. For authoritative affected version details, consult the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVEN-2025-4615.

Remediation

Apply the vendor-released security patch from Palo Alto Networks. Consult https://security.paloaltonetworks.com/CVEN-2025-4615 for exact patched PAN-OS version numbers and upgrade instructions specific to your deployment. As an interim mitigating control, restrict CLI access to PAN-OS to a limited group of trusted administrators, which significantly reduces the security risk by narrowing the set of users who can exploit this vulnerability. Additionally, audit administrator account access and credentials to detect any unauthorized or suspicious high-privilege user creation.

Priority Score

28 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +0.1
CVSS: +28
POC: 0

CVE-2025-4615 vulnerability details – vuln.today