CVE-2025-0130

HIGH

Palo Alto Networks PAN-OS - DoS

Title source: llm

Description

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2025-0130

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 53.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (3)

paloaltonetworks/pan-os 11.1.7 (2 CPE variants)

paloaltonetworks/pan-os 11.1.0 - 11.1.6

paloaltonetworks/pan-os 11.2.0 - 11.2.5

Published May 14, 2025

Tracked Since Feb 18, 2026