CVE-2025-0130

7.5 HIGH

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to...

Published: 2025-05-14 · Last updated: 2026-05-29

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-754

Affected products

Vendor	Product
paloaltonetworks	pan-os

Description

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-0130
[Vendor advisory]https://security.paloaltonetworks.com/CVE-2025-0130

Related CVEs

Same vendor

CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)

Same CWE

CVE-2026-47216 — Typesense is a fast, typo-tolerant search engine
CVE-2026-0269 — A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user...
CVE-2026-46541 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (7.5 HIGH)
CVE-2026-45678 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
CVE-2026-49325 — Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows... (4.6 MEDIUM)