CVE-2025-4231

Опубликовано: 13 июн. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.

The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.

Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Ссылки

https://security.paloaltonetworks.com/CVE-2025-4231
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 10.2.0 (включая) до 10.2.8 (исключая)

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.0.3 (исключая)

EPSS

Процентиль: 22%

0.00074

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-vm6c-rqg9-5qqr

CVSS3: 7.2

github

8 месяцев назад

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

BDU:2025-06886

CVSS3: 9.1

fstec