Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 9, 2025

PAN-OS: Session Token Disclosure Vulnerability

CVE-2025-4614

Description

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Affected products

Paloaltonetworks/Pan Osv52 versions
cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*range: 11.2.0
- (no CPE)
Palo Alto Networks/Cloud NGFWv5
Range: All
Palo Alto Networks/Prisma Accessv5
Range: All

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.paloaltonetworks.com/CVE-2025-4614mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000