vulnerability

Palo Alto Networks PAN-OS: CVE-2025-0130: PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	May 14, 2025	May 15, 2025	Mar 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

May 14, 2025

Added

May 15, 2025

Modified

Mar 25, 2026

Description

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.

This issue does not affect Cloud NGFW or Prisma Access.

Solution

palo-alto-networks-pan-os-upgrade-latest

References

CWE-754
CVE-2025-0130
https://attackerkb.com/topics/CVE-2025-0130
https://security.paloaltonetworks.com/CVE-2025-0130
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-14922

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report