CVE-2025-4615
PAN-OS: Improper Neutralization of Input in the Management Web Interface
| CVSS Score | 0.0 |
| EPSS Score | 0.1% |
| EPSS Percentile | 17th |
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
| CWE | CWE-83 |
| Vendor | palo alto networks |
| Product | cloud ngfw |
| Published | Oct 9, 2025 |
| Last Updated | Apr 1, 2026 |
Affected Versions
Palo Alto Networks / Cloud NGFW
All versions affected
Palo Alto Networks / PAN-OS
11.2.0 < 11.2.8
11.1.0 < 11.1.4-h27
10.2.0 < 10.2.17
Palo Alto Networks / Prisma Access
All versions affected
References
Credits
Visa Inc.