CVE-2025-0130
PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
54th
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.
| CWE | CWE-754 |
| Vendor | palo alto networks |
| Product | cloud ngfw |
| Published | May 14, 2025 |
| Last Updated | May 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for palo alto networks cloud ngfw
Be the first to know when new unknown vulnerabilities affecting palo alto networks cloud ngfw are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Palo Alto Networks / Cloud NGFW
All versions affected Palo Alto Networks / PAN-OS
11.2.0 < 11.2.5 11.1.0 < 11.1.6-h1
Palo Alto Networks / Prisma Access
All versions affected References
Credits
Jari Pietila of Palo Alto Networks