216.73.217.86

CVE-2025-4614

· Published 09/10/2025 19:15 · Modified 09/10/2025 19:15

Labels: CVE-2025-4614 2025-10-09CVE-2025-4614CWE-497[email protected]

Essential information

Published
09/10/2025 19:15
Modified
09/10/2025 19:15
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.   The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
palo alto networks / pan-os cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*

References