Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 9, 2025
PAN-OS: Session Token Disclosure Vulnerability
CVE-2025-4614
Description
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*range: 11.2.0
- (no CPE)
- Range: All
- Range: All
Patches
Vulnerability mechanics
References
1- security.paloaltonetworks.com/CVE-2025-4614mitrevendor-advisory
News mentions
0No linked articles in our index yet.