cvelistv5 - cve-2025-0122

CVE-2025-0122 (GCVE-0-2025-0122)

Vulnerability from cvelistv5

Published

2025-04-11 01:48

Modified

2025-04-11 16:02

Severity ?

5.1 (Medium) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Amber

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device.

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2025-0122

vendor-advisory

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	Prisma SD-WAN	Version: 6.5.0 < 6.5.1 Version: 6.4.0 < 6.4.2 Version: 6.3.0 < 6.3.4 Version: 6.2.0 < Version: 6.1.0 < 6.1.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T15:38:04.495847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T16:02:27.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Prisma SD-WAN",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.5.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.5.1",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.4.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.4.2",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.3.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.4",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.10",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is needed to be vulnerable to this issue."
            }
          ],
          "value": "No special configuration is needed to be vulnerable to this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vajrapu Venkata Sarat Kumar of Palo Alto Networks"
        }
      ],
      "datePublic": "2025-04-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma\u00ae SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device."
            }
          ],
          "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma\u00ae SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-482",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-482 TCP Flood"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-11T01:48:04.772Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0122"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma SD-WAN 6.5\u003c/td\u003e\u003ctd\u003eUpgrade to Prisma SD-WAN 6.5.1 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma SD-WAN 6.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to Prisma SD-WAN 6.4.2 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma SD-WAN 6.3\u003c/td\u003e\u003ctd\u003eUpgrade to Prisma SD-WAN 6.3.4 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma SD-WAN 6.2\u003c/td\u003e\u003ctd\u003eUpgrade to\u0026nbsp;Prisma SD-WAN 6.3.4 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma SD-WAN 6.1\u003c/td\u003e\u003ctd\u003eUpgrade to Prisma SD-WAN 6.1.10 or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "VersionSuggested SolutionPrisma SD-WAN 6.5Upgrade to Prisma SD-WAN 6.5.1 or laterPrisma SD-WAN 6.4\nUpgrade to Prisma SD-WAN 6.4.2 or laterPrisma SD-WAN 6.3Upgrade to Prisma SD-WAN 6.3.4 or laterPrisma SD-WAN 6.2Upgrade to\u00a0Prisma SD-WAN 6.3.4 or laterPrisma SD-WAN 6.1Upgrade to Prisma SD-WAN 6.1.10 or later"
        }
      ],
      "source": {
        "defect": [
          "CGSDW-23881"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-09T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_affectedList": [
        "Prisma SD-WAN 6.5.0",
        "Prisma SD-WAN 6.4.0",
        "Prisma SD-WAN 6.4.1",
        "Prisma SD-WAN 6.3.0",
        "Prisma SD-WAN 6.3.1",
        "Prisma SD-WAN 6.3.2",
        "Prisma SD-WAN 6.3.3",
        "Prisma SD-WAN 6.1.0",
        "Prisma SD-WAN 6.1.1",
        "Prisma SD-WAN 6.1.2",
        "Prisma SD-WAN 6.1.3",
        "Prisma SD-WAN 6.1.4",
        "Prisma SD-WAN 6.1.5",
        "Prisma SD-WAN 6.1.6",
        "Prisma SD-WAN 6.1.7",
        "Prisma SD-WAN 6.1.8",
        "Prisma SD-WAN 6.1.9"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0122",
    "datePublished": "2025-04-11T01:48:04.772Z",
    "dateReserved": "2024-12-20T23:23:23.383Z",
    "dateUpdated": "2025-04-11T16:02:27.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-0301

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.2.x et 6.3.x antérieures à 6.3.4
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.5.x antérieures à 6.5.1
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.3-CE.x antérieures à 8.3.101-CE HF pour Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.6
Palo Alto Networks	Prisma Access	Prisma Access versions 10.2.4.x antérieures à 10.2.4-h36
Palo Alto Networks	Cloud NGFW	Cloud NGFW sans les derniers correctifs de sécurité
Palo Alto Networks	Prisma Access	Prisma Access versions 11.2.x antérieures à 11.2.4-h5
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.x antérieures à 6.2.8 pour Windows
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions antérieures à 26.100.3
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3 pour Windows
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.4.x antérieures à 6.4.2
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.6.x antérieures à 8.6.1 pour Windows
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 132.83.3017.1
Palo Alto Networks	Prisma SD-WAN	Prisma SD-WAN versions 6.1.x antérieures à 6.1.10
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.5.x antérieures à 8.5.2 pour Windows
Palo Alto Networks	Prisma Access	Prisma Access versions 10.2.10.x antérieures à 10.2.10-h16
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.9-CE.x antérieures à 7.9.103-CE HF pour Windows
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.14-h13
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.8
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.6
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.15

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-0122	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0120	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0128	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0008	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0125	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0127	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0123	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0119	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0124	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0126	2025-04-09	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-0121	2025-04-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma SD-WAN versions 6.2.x et 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3-CE.x ant\u00e9rieures \u00e0 8.3.101-CE HF pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.4.x ant\u00e9rieures \u00e0 10.2.4-h36",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud NGFW sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Cloud NGFW",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.4-h5",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.x ant\u00e9rieures \u00e0 6.2.8 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.100.3",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 132.83.3017.1",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.2 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.10.x ant\u00e9rieures \u00e0 10.2.10-h16",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.103-CE HF pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.14-h13",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.15",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0124"
    },
    {
      "name": "CVE-2025-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
    },
    {
      "name": "CVE-2025-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
    },
    {
      "name": "CVE-2025-0120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0120"
    },
    {
      "name": "CVE-2025-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0128"
    },
    {
      "name": "CVE-2025-1920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
    },
    {
      "name": "CVE-2025-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0126"
    },
    {
      "name": "CVE-2025-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0129"
    },
    {
      "name": "CVE-2025-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
    },
    {
      "name": "CVE-2025-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
    },
    {
      "name": "CVE-2025-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0121"
    },
    {
      "name": "CVE-2025-0127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0127"
    },
    {
      "name": "CVE-2025-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0123"
    },
    {
      "name": "CVE-2025-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0125"
    },
    {
      "name": "CVE-2025-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0122"
    },
    {
      "name": "CVE-2025-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0119"
    },
    {
      "name": "CVE-2025-2476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
    }
  ],
  "initial_release_date": "2025-04-10T00:00:00",
  "last_revision_date": "2025-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0301",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0122",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0122"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0120",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0120"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0128",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0128"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0008",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0008"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0125",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0125"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0127",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0127"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0123",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0123"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0119",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0119"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0124",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0124"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0126",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0126"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0121",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0121"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-0122 (GCVE-0-2025-0122)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0301

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature