Palo Alto Products Multiple Vulnerabilities

Release Date: 16 May 2025

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Palo Alto Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure, elevation of privilege, cross-site scripting and security restriction bypass on the targeted system.

Impact

Remote Code Execution
Denial of Service
Security Restriction Bypass
Information Disclosure
Cross-Site Scripting
Elevation of Privilege

System / Technologies affected

Prisma Cloud Compute Edition versions earlier than 34.00.141
Prisma Access All versions
PAN-OS 11.2 versions earlier than 11.2.7
PAN-OS 11.2 versions earlier than 11.2.5
PAN-OS 11.1 versions earlier than 11.1.8
PAN-OS 11.1 versions earlier than 11.1.7-h2
PAN-OS 11.1 versions earlier than 11.1.6-h1
PAN-OS 11.1 versions earlier than 11.1.5
PAN-OS 11.1 versions earlier than 11.1.11
PAN-OS 11.0 versions earlier than 11.0.7
PAN-OS 10.2 versions earlier than 10.2.17
PAN-OS 10.2 versions earlier than 10.2.13
PAN-OS 10.2 versions earlier than 10.2.11
PAN-OS 10.1 versions earlier than 10.1.14-h14
PAN-OS 10.1 All versions
MetaDefender Endpoint Security SDK 4.3.0 versions earlier than 4.3.4451 on Windows
GlobalProtect App 6.3 versions earlier than 6.3.3 on macOS
GlobalProtect App 6.2 versions earlier than 6.2.8 on macOS
GlobalProtect App 6.1 All versions on macOS
GlobalProtect App 6.0 All versions on macOS
Cortex XDR Broker VM 26.0.0 versions earlier than 26.0.119
Cloud NGFW All versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Palo Alto

2025年5月16日星期五