What is CVE-2025-4615?

CVE-2025-4615 is a vulnerability in Palo Alto Networks Cloud Ngfw, classified under Improper Neutralization of Script in Attributes in a Web Page. Published 2025-10-09.

Is CVE-2025-4615 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Palo Alto Networks Cloud Ngfw

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security ri…

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cloud Ngfw — versions All
Palo Alto Networks Pan-os — versions 12.1.0, 11.2.0, 11.1.0
Palo Alto Networks Prisma Access — versions All

Weakness classification (CWE)

CWE-83 — Improper Neutralization of Script in Attributes in a Web Page

Public proof-of-concept exploits

References

security.paloaltonetworks.com/CVEN-2025-4615 (vendor-advisory)

Frequently asked questions

What is CVE-2025-4615?: CVE-2025-4615 is a vulnerability in Palo Alto Networks Cloud Ngfw, classified under Improper Neutralization of Script in Attributes in a Web Page. Published 2025-10-09.
Is CVE-2025-4615 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.