| Metric | Value |
|---|---|
| CVEs | 64 |
| Critical | 2 |
| High | 19 |
| KEV | 2 |
| PoC | 1 |
| Unpatched C/H | 21 |
| Patch Rate | 0.0% |
| Avg EPSS | 3.1% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 2 |
| HIGH | 19 |
| MEDIUM | 32 |
| LOW | 7 |
Monthly CVE Trend
Affected Products (15)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-0108 | Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers to invoke PHP scripts, potentially leading to system compromise when chained with other vulnerabilities. | HIGH | 8.8 | 94.1% | 208 | KEV, PoC, No patch |
| CVE-2025-0111 | Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of files accessible to the 'nobody' user, exploited alongside CVE-2025-0108 for configuration extraction. | HIGH | 7.1 | 3.6% | 89 | KEV, No patch |
| CVE-2025-4232 | CVE-2025-4232 is an improper neutralization of wildcards vulnerability in Palo Alto Networks GlobalProtect app for macOS that allows non-administrative users to escalate privileges to root through the log collection feature. With a CVSS score of 8.8 and requiring only low complexity remote network access with low privileges, this vulnerability presents a critical privilege escalation risk. The attack requires user interaction only at the network level (not UI) and affects the confidentiality, integrity, and availability of affected systems. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2025-0128 | A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.1% | 44 | No patch |
| CVE-2025-0110 | A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.6 | 0.1% | 43 | No patch |
| CVE-2025-4230 | Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected. | HIGH | 8.4 | 0.1% | 42 | No patch |
| CVE-2025-0141 | CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non-administrative user. High severity vulnerability requiring prompt remediation. | HIGH | 8.4 | 0.0% | 42 | No patch |
| CVE-2025-0126 | When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.3 | 0.4% | 42 | No patch |
| CVE-2025-0114 | A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available. | HIGH | 8.2 | 0.1% | 41 | No patch |
| CVE-2026-0227 | Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network. | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2025-4231 | Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments. | HIGH | 7.2 | 0.1% | 36 | No patch |
| CVE-2025-0127 | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.1 | 0.1% | 36 | No patch |
| CVE-2025-0120 | A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.1 | 0.1% | 36 | No patch |
| CVE-2025-0117 | A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.1 | 0.1% | 36 | No patch |
| CVE-2025-0109 | An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.1% | 35 | No patch |