31
CVEs
1
Critical
6
High
1
KEV
1
PoC
2
Unpatched C/H
41.9%
Patch Rate
0.5%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
6
MEDIUM
14
LOW
6
Monthly CVE Trend
Affected Products (12)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-0300 | Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices. | CRITICAL | 9.3 | 14.9% | 136 |
KEV
PoC
|
| CVE-2025-4232 | CVE-2025-4232 is an improper neutralization of wildcards vulnerability in Palo Alto Networks GlobalProtect app for macOS that allows non-administrative users to escalate privileges to root through the log collection feature. With a CVSS score of 8.8 and requiring only low complexity remote network access with low privileges, this vulnerability presents a critical privilege escalation risk. The attack requires user interaction only at the network level (not UI) and affects the confidentiality, integrity, and availability of affected systems. | HIGH | 8.8 | 0.1% | 44 |
|
| CVE-2025-4230 | Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected. | HIGH | 8.4 | 0.1% | 42 |
|
| CVE-2025-0141 | CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non administrative user. High severity vulnerability requiring prompt remediation. | HIGH | 8.4 | 0.0% | 42 |
|
| CVE-2026-0227 | Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network. | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-4231 | Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments. | HIGH | 7.2 | 0.1% | 36 |
|
| CVE-2025-0140 | CVE-2025-0140 is a security vulnerability (CVSS 6.8) that allows a locally authenticated non administrative user. Remediation should follow standard vulnerability management procedures. | MEDIUM | 6.8 | 0.0% | 34 |
|
| CVE-2025-0139 | CVE-2025-0139 is a security vulnerability (CVSS 6.3) that allows a locally authenticated low privileged user. Remediation should follow standard vulnerability management procedures. | MEDIUM | 6.3 | 0.0% | 32 |
|
| CVE-2025-4229 | An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | MEDIUM | 6.0 | 0.1% | 30 |
|
| CVE-2025-2181 | A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 5.9 | 0.0% | 30 |
No patch
|
| CVE-2025-2182 | A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 5.6 | 0.0% | 28 |
No patch
|
| CVE-2025-4615 | Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected. | MEDIUM | 5.5 | 0.1% | 28 |
No patch
|
| CVE-2025-2184 | A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 5.3 | 0.0% | 27 |
No patch
|
| CVE-2025-2183 | An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 5.3 | 0.0% | 27 |
No patch
|
| CVE-2025-4233 | CVE-2025-4233 is a security vulnerability (CVSS 5.1) that allows users. Remediation should follow standard vulnerability management procedures. | MEDIUM | 5.1 | 0.0% | 26 |
|