XSS in Palo Alto Networks Cloud Ngfw

CVE-2025-0137

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS adm…

EPSS: 0.004 (59.0th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cloud Ngfw — versions All
Palo Alto Networks Pan-os — versions 11.2.0, 11.1.0, 10.2.0

Weakness classification (CWE)

CWE-83 — Improper Neutralization of Script in Attributes in a Web Page

References

security.paloaltonetworks.com/CVE-2025-0137 (vendor-advisory)