XSS in Palo Alto Networks Cloud Ngfw

CVE-2025-0125

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS adm…

EPSS: 0.002 (47.2th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cloud Ngfw — versions All
Palo Alto Networks Pan-os — versions 11.2.0, 11.1.0, 11.0.0
Palo Alto Networks Prisma Access — versions All

Weakness classification (CWE)

CWE-83 — Improper Neutralization of Script in Attributes in a Web Page

References

security.paloaltonetworks.com/CVE-2025-0125 (vendor-advisory)