vulnerability
Palo Alto Networks PAN-OS: CVE-2025-4614: PAN-OS: Session Token Disclosure Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:L/Au:M/C:P/I:N/A:N) | Oct 8, 2025 | Oct 9, 2025 | Nov 5, 2025 |
Severity
3
CVSS
(AV:N/AC:L/Au:M/C:P/I:N/A:N)
Published
Oct 8, 2025
Added
Oct 9, 2025
Modified
Nov 5, 2025
Description
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Solution
palo-alto-networks-pan-os-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.