exploitDog

CVE-2025-4614

Published: 09 Oct 2025
Source: nvd
CVSS3: 2.7
EPSS: Low

Description

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.  

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Version from 10.2.0 (inclusive) to 10.2.17 (exclusive)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Version from 11.1.0 (inclusive) to 11.1.12 (exclusive)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Version from 11.2.0 (inclusive) to 11.2.8 (exclusive)

EPSS

Percentile: 12%
0.0004
Low

CVSS3: 2.7 Low

Weaknesses

CWE-497

Related vulnerabilities

CVSS3: 2.7
github
4 months ago

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

EPSS

Percentile: 12%
0.0004
Low

CVSS3: 2.7 Low

Weaknesses

CWE-497