Skip to main content

Pan Os EUVDEUVD-2025-18223

| CVE-2025-4231 HIGH
Command Injection (CWE-77)
2025-06-13 psirt@paloaltonetworks.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:39 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
10.2.8,11.0.3
EUVD ID Assigned
Mar 14, 2026 - 21:34 euvd
EUVD-2025-18223
Analysis Generated
Mar 14, 2026 - 21:34 vuln.today
CVE Published
Jun 13, 2025 - 00:15 nvd
HIGH 7.2

DescriptionCVE.org

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.

The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

AnalysisAI

Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.

Technical ContextAI

This vulnerability is rooted in CWE-77 (Improper Neutralization of Special Elements used in a Command), which occurs when user-supplied input is inadequately sanitized before being passed to system command execution functions. In PAN-OS, the management web interface likely accepts administrative input for configuration or diagnostic purposes that is then processed by backend shell commands without proper input validation or parameterization. This flaw affects the core PAN-OS operating system running on Palo Alto Networks firewalls and security appliances. The vulnerability is specific to PAN-OS running on physical and virtual firewall instances; Cloud NGFW and Prisma Access architectures (which use different isolation models and API designs) are explicitly not affected, indicating the vulnerability is tied to on-premises appliance management interfaces.

RemediationAI

Specific remediation actions: (1) Apply security patches released by Palo Alto Networks for PAN-OS - check vendor advisory for specific version numbers (typically denoted as PAN-OS X.X.X-hY where Y indicates hotfix number); (2) Implement network-level access controls restricting management web interface (typically port 443/HTTPS) to trusted administrative networks only; (3) Enforce multi-factor authentication (MFA) for all administrative accounts accessing the management interface; (4) Monitor audit logs for suspicious administrative activity, particularly commands executed with elevated privileges; (5) Implement the principle of least privilege for administrative accounts - limit to necessary permissions only; (6) As a temporary mitigation pending patching, restrict administrative access to the management interface via firewall rules or VPN-only access. For detailed patch version numbers and timelines, consult the official Palo Alto Networks Security Advisory (reference required from vendor).

More in Pan Os

View all
CVE-2025-0108 HIGH POC
8.8 Feb 12

Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers

CVE-2016-4971 HIGH POC
8.8 Jun 30

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F

CVE-2016-9150 CRITICAL POC
9.8 Nov 19

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x b

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2025-0111 HIGH
7.1 Feb 12

Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of fil

CVE-2024-0012 CRITICAL POC
9.3 Nov 18

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access t

CVE-2020-2038 HIGH POC
7.2 Sep 09

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to exe

CVE-2024-9474 MEDIUM POC
6.9 Nov 18

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to

CVE-2020-2036 HIGH POC
8.8 Sep 09

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity

CVE-2012-6601 CRITICAL
10.0 Aug 31

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x

CVE-2019-1579 HIGH POC
8.1 Jul 19

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with Glob

CVE-2017-8390 CRITICAL
9.8 Aug 02

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 a

Share

EUVD-2025-18223 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy