vulnerability

Palo Alto Networks PAN-OS: CVE-2025-0130: PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	May 14, 2025	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

May 14, 2025

Added

May 15, 2025

Modified

May 15, 2025

Description

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.

This issue does not affect Cloud NGFW or Prisma Access.

Solution

palo-alto-networks-pan-os-upgrade-latest

References

CVE-2025-0130
https://attackerkb.com/topics/CVE-2025-0130
URL-https://security.paloaltonetworks.com/CVE-2025-0130

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today