CVE-2025-0138
LOWPalo Alto Networks Prisma Cloud Compute - Info Disclosure
Title source: llmDescription
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://security.paloaltonetworks.com/CVE-2025-0138
Scores
CVSS v4
2.0
EPSS
0.0030
EPSS Percentile
21.3%
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-613
Status
published
Products (2)
Palo Alto Networks/Compute in Prisma Cloud Enterprise Edition
All
Palo Alto Networks/Prisma Cloud Compute Edition
1 - 34.01.129
Published
May 14, 2025
Tracked Since
Feb 18, 2026