Unrated severityNVD Advisory· Published May 14, 2025· Updated May 15, 2025

PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets

CVE-2025-0130

Description

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.

This issue does not affect Cloud NGFW or Prisma Access.

Affected products

Paloaltonetworks/Pan Osv52 versions
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*range: 11.2.0
- (no CPE)
Paloaltonetworks/Cloud NGFWcpe-rescue
Range: All
Paloaltonetworks/Prisma Access Agentcpe-rescue
Range: All

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.paloaltonetworks.com/CVE-2025-0130mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000