CVE-2025-4615

Опубликовано: 09 окт. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Ссылки

https://security.paloaltonetworks.com/CVEN-2025-4615
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 10.2.0 (включая) до 10.2.17 (исключая)

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 11.1.0 (включая) до 11.1.11 (исключая)

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

Версия от 11.2.0 (включая) до 11.2.8 (исключая)

EPSS

Процентиль: 22%

0.00072

Низкий

7.2 High

CVSS3

Дефекты

CWE-83

Связанные уязвимости

GHSA-9w5h-px4f-8h8m

CVSS3: 7.2

github

4 месяца назад

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

EPSS

Процентиль: 22%

0.00072

Низкий

7.2 High

CVSS3

Дефекты

CWE-83