cvelistv5 - cve-2025-0127

cve-2025-0127

Vulnerability from cvelistv5

Published

2025-04-11 02:01

Modified

2025-04-11 16:01

Severity ?

7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Summary

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

References

▼	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2025-0127

Impacted products

Vendor

Product

Version

▼

Palo Alto Networks

Cloud NGFW

Patch: All

	Palo Alto Networks	PAN-OS	Patch: 11.2.0 Patch: 11.1.0 Version: 11.0.0 < 11.0.4 Version: 10.2.0 < 10.2.9 Version: 10.1.0 < 10.1.14-h13 cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::*
	Palo Alto Networks	Prisma Access	Patch: All

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-0127",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-11T15:13:55.222149Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-11T16:01:52.805Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Cloud NGFW",
               vendor: "Palo Alto Networks",
               versions: [
                  {
                     status: "unaffected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               platforms: [
                  "VM-Series",
               ],
               product: "PAN-OS",
               vendor: "Palo Alto Networks",
               versions: [
                  {
                     status: "unaffected",
                     version: "11.2.0",
                     versionType: "custom",
                  },
                  {
                     status: "unaffected",
                     version: "11.1.0",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "11.0.4",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "11.0.4",
                     status: "affected",
                     version: "11.0.0",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "10.2.9",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "10.2.9",
                     status: "affected",
                     version: "10.2.0",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "10.1.14-h13",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "10.1.14-h13",
                     status: "affected",
                     version: "10.1.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "Prisma Access",
               vendor: "Palo Alto Networks",
               versions: [
                  {
                     status: "unaffected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         configurations: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "No special configuration is required to be affected by this issue.",
                  },
               ],
               value: "No special configuration is required to be affected by this issue.",
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Pavel Raunou",
            },
         ],
         datePublic: "2025-04-09T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.<b><br><br></b>Cloud NGFW and Prisma® Access are not affected by this vulnerability.",
                  },
               ],
               value: "A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.",
            },
         ],
         exploits: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.",
                  },
               ],
               value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-248",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-248 Command Injection",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "NO",
                  Recovery: "USER",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "PRESENT",
                  attackVector: "LOCAL",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  privilegesRequired: "HIGH",
                  providerUrgency: "AMBER",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "DIFFUSE",
                  vectorString: "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "MODERATE",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-04-11T02:01:35.087Z",
            orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            shortName: "palo_alto",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.paloaltonetworks.com/CVE-2025-0127",
            },
         ],
         solutions: [
            {
               lang: "eng",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<div><br></div><table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>PAN-OS 11.2 on VM-Series<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.1&nbsp;on VM-Series<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.0&nbsp;on VM-Series<br></td><td>11.0.0 through 11.0.3<br></td><td>Upgrade to 11.0.4 or later<br></td></tr><tr><td>PAN-OS 10.2&nbsp;on VM-Series<br></td><td>10.2.0 through 10.2.8<br></td><td>Upgrade to 10.2.9 or later<br></td></tr><tr><td>PAN-OS 10.1&nbsp;on VM-Series<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h13 or later<br></td></tr><tr><td>PAN-OS on non VM-Series platforms</td><td><br></td><td>No action needed</td></tr><tr><td>All other older unsupported PAN-OS versions<br></td><td><br></td><td>Upgrade to a supported fixed version<br></td></tr></tbody></table><b><br></b>PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.",
                  },
               ],
               value: "VersionMinor VersionSuggested SolutionPAN-OS 11.2 on VM-Series\n\nNo action needed\nPAN-OS 11.1 on VM-Series\n\nNo action needed\nPAN-OS 11.0 on VM-Series\n11.0.0 through 11.0.3\nUpgrade to 11.0.4 or later\nPAN-OS 10.2 on VM-Series\n10.2.0 through 10.2.8\nUpgrade to 10.2.9 or later\nPAN-OS 10.1 on VM-Series\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h13 or later\nPAN-OS on non VM-Series platforms\nNo action neededAll other older unsupported PAN-OS versions\n\nUpgrade to a supported fixed version\n\nPAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.",
            },
         ],
         source: {
            defect: [
               "PAN-225690",
            ],
            discovery: "INTERNAL",
         },
         timeline: [
            {
               lang: "en",
               time: "2025-04-09T16:00:00.000Z",
               value: "Initial Publication",
            },
         ],
         title: "PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series",
         workarounds: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "No workaround or mitigation is available.",
                  },
               ],
               value: "No workaround or mitigation is available.",
            },
         ],
         x_affectedList: [
            "PAN-OS 11.0.3-h13",
            "PAN-OS 11.0.3-h12",
            "PAN-OS 11.0.3-h11",
            "PAN-OS 11.0.3-h10",
            "PAN-OS 11.0.3-h9",
            "PAN-OS 11.0.3-h8",
            "PAN-OS 11.0.3-h7",
            "PAN-OS 11.0.3-h6",
            "PAN-OS 11.0.3-h5",
            "PAN-OS 11.0.3-h4",
            "PAN-OS 11.0.3-h3",
            "PAN-OS 11.0.3-h2",
            "PAN-OS 11.0.3-h1",
            "PAN-OS 11.0.3",
            "PAN-OS 11.0.2-h5",
            "PAN-OS 11.0.2-h4",
            "PAN-OS 11.0.2-h3",
            "PAN-OS 11.0.2-h2",
            "PAN-OS 11.0.2-h1",
            "PAN-OS 11.0.2",
            "PAN-OS 11.0.1-h5",
            "PAN-OS 11.0.1-h4",
            "PAN-OS 11.0.1-h3",
            "PAN-OS 11.0.1-h2",
            "PAN-OS 11.0.1-h1",
            "PAN-OS 11.0.1",
            "PAN-OS 11.0.0-h4",
            "PAN-OS 11.0.0-h3",
            "PAN-OS 11.0.0-h2",
            "PAN-OS 11.0.0-h1",
            "PAN-OS 11.0.0",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0",
            "PAN-OS 10.1.14-h11",
            "PAN-OS 10.1.14-h10",
            "PAN-OS 10.1.14-h9",
            "PAN-OS 10.1.14-h8",
            "PAN-OS 10.1.14-h7",
            "PAN-OS 10.1.14-h6",
            "PAN-OS 10.1.14-h5",
            "PAN-OS 10.1.14-h4",
            "PAN-OS 10.1.14-h3",
            "PAN-OS 10.1.14-h2",
            "PAN-OS 10.1.14-h1",
            "PAN-OS 10.1.14",
            "PAN-OS 10.1.13-h5",
            "PAN-OS 10.1.13-h4",
            "PAN-OS 10.1.13-h3",
            "PAN-OS 10.1.13-h2",
            "PAN-OS 10.1.13-h1",
            "PAN-OS 10.1.13",
            "PAN-OS 10.1.12-h3",
            "PAN-OS 10.1.12-h2",
            "PAN-OS 10.1.12-h1",
            "PAN-OS 10.1.12",
            "PAN-OS 10.1.11-h10",
            "PAN-OS 10.1.11-h9",
            "PAN-OS 10.1.11-h8",
            "PAN-OS 10.1.11-h7",
            "PAN-OS 10.1.11-h6",
            "PAN-OS 10.1.11-h5",
            "PAN-OS 10.1.11-h4",
            "PAN-OS 10.1.11-h3",
            "PAN-OS 10.1.11-h2",
            "PAN-OS 10.1.11-h1",
            "PAN-OS 10.1.11",
            "PAN-OS 10.1.10-h9",
            "PAN-OS 10.1.10-h8",
            "PAN-OS 10.1.10-h7",
            "PAN-OS 10.1.10-h6",
            "PAN-OS 10.1.10-h5",
            "PAN-OS 10.1.10-h4",
            "PAN-OS 10.1.10-h3",
            "PAN-OS 10.1.10-h2",
            "PAN-OS 10.1.10-h1",
            "PAN-OS 10.1.10",
            "PAN-OS 10.1.9-h14",
            "PAN-OS 10.1.9-h13",
            "PAN-OS 10.1.9-h12",
            "PAN-OS 10.1.9-h11",
            "PAN-OS 10.1.9-h10",
            "PAN-OS 10.1.9-h9",
            "PAN-OS 10.1.9-h8",
            "PAN-OS 10.1.9-h7",
            "PAN-OS 10.1.9-h6",
            "PAN-OS 10.1.9-h5",
            "PAN-OS 10.1.9-h4",
            "PAN-OS 10.1.9-h3",
            "PAN-OS 10.1.9-h2",
            "PAN-OS 10.1.9-h1",
            "PAN-OS 10.1.9",
            "PAN-OS 10.1.8-h8",
            "PAN-OS 10.1.8-h7",
            "PAN-OS 10.1.8-h6",
            "PAN-OS 10.1.8-h5",
            "PAN-OS 10.1.8-h4",
            "PAN-OS 10.1.8-h3",
            "PAN-OS 10.1.8-h2",
            "PAN-OS 10.1.8-h1",
            "PAN-OS 10.1.8",
            "PAN-OS 10.1.7-h1",
            "PAN-OS 10.1.7",
            "PAN-OS 10.1.6-h9",
            "PAN-OS 10.1.6-h8",
            "PAN-OS 10.1.6-h7",
            "PAN-OS 10.1.6-h6",
            "PAN-OS 10.1.6-h5",
            "PAN-OS 10.1.6-h4",
            "PAN-OS 10.1.6-h3",
            "PAN-OS 10.1.6-h2",
            "PAN-OS 10.1.6-h1",
            "PAN-OS 10.1.6",
            "PAN-OS 10.1.5-h4",
            "PAN-OS 10.1.5-h3",
            "PAN-OS 10.1.5-h2",
            "PAN-OS 10.1.5-h1",
            "PAN-OS 10.1.5",
            "PAN-OS 10.1.4-h6",
            "PAN-OS 10.1.4-h5",
            "PAN-OS 10.1.4-h4",
            "PAN-OS 10.1.4-h3",
            "PAN-OS 10.1.4-h2",
            "PAN-OS 10.1.4-h1",
            "PAN-OS 10.1.4",
            "PAN-OS 10.1.3-h4",
            "PAN-OS 10.1.3-h3",
            "PAN-OS 10.1.3-h2",
            "PAN-OS 10.1.3-h1",
            "PAN-OS 10.1.3",
            "PAN-OS 10.1.2",
            "PAN-OS 10.1.1",
            "PAN-OS 10.1.0",
         ],
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
      assignerShortName: "palo_alto",
      cveId: "CVE-2025-0127",
      datePublished: "2025-04-11T02:01:35.087Z",
      dateReserved: "2024-12-20T23:23:28.050Z",
      dateUpdated: "2025-04-11T16:01:52.805Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2025-0127\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2025-04-11T02:15:19.120\",\"lastModified\":\"2025-04-11T15:39:52.920\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.\\n\\nCloud NGFW and Prisma® Access are not affected by this vulnerability.\"},{\"lang\":\"es\",\"value\":\" Una vulnerabilidad de inyección de comandos en el software PAN-OS® de Palo Alto Networks permite a un administrador autenticado omitir las restricciones del sistema y ejecutar comandos arbitrarios como usuario root. Este problema solo se aplica a la serie VM de PAN-OS. Este problema no afecta a los firewalls que ya están implementados. Cloud NGFW y Prisma® Access no se ven afectados por esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2025-0127\",\"source\":\"psirt@paloaltonetworks.com\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0127\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-11T15:13:55.222149Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-11T15:33:15.600Z\"}}], \"cna\": {\"title\": \"PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series\", \"source\": {\"defect\": [\"PAN-225690\"], \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Pavel Raunou\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 7.1, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Palo Alto Networks\", \"product\": \"Cloud NGFW\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"All\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"Palo Alto Networks\", \"product\": \"PAN-OS\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"11.2.0\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"11.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"11.0.4\", \"status\": \"unaffected\"}], \"version\": \"11.0.0\", \"lessThan\": \"11.0.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"10.2.9\", \"status\": \"unaffected\"}], \"version\": \"10.2.0\", \"lessThan\": \"10.2.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"10.1.14-h13\", \"status\": \"unaffected\"}], \"version\": \"10.1.0\", \"lessThan\": \"10.1.14-h13\", \"versionType\": \"custom\"}], \"platforms\": [\"VM-Series\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Palo Alto Networks\", \"product\": \"Prisma Access\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"All\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-09T16:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"eng\", \"value\": \"VersionMinor VersionSuggested SolutionPAN-OS 11.2 on VM-Series\\n\\nNo action needed\\nPAN-OS 11.1\\u00a0on VM-Series\\n\\nNo action needed\\nPAN-OS 11.0\\u00a0on VM-Series\\n11.0.0 through 11.0.3\\nUpgrade to 11.0.4 or later\\nPAN-OS 10.2\\u00a0on VM-Series\\n10.2.0 through 10.2.8\\nUpgrade to 10.2.9 or later\\nPAN-OS 10.1\\u00a0on VM-Series\\n10.1.0 through 10.1.14\\nUpgrade to 10.1.14-h13 or later\\nPAN-OS on non VM-Series platforms\\nNo action neededAll other older unsupported PAN-OS versions\\n\\nUpgrade to a supported fixed version\\n\\nPAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<div><br></div><table class=\\\"tbl\\\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>PAN-OS 11.2 on VM-Series<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.1&nbsp;on VM-Series<br></td><td><br></td><td>No action needed<br></td></tr><tr><td>PAN-OS 11.0&nbsp;on VM-Series<br></td><td>11.0.0 through 11.0.3<br></td><td>Upgrade to 11.0.4 or later<br></td></tr><tr><td>PAN-OS 10.2&nbsp;on VM-Series<br></td><td>10.2.0 through 10.2.8<br></td><td>Upgrade to 10.2.9 or later<br></td></tr><tr><td>PAN-OS 10.1&nbsp;on VM-Series<br></td><td>10.1.0 through 10.1.14<br></td><td>Upgrade to 10.1.14-h13 or later<br></td></tr><tr><td>PAN-OS on non VM-Series platforms</td><td><br></td><td>No action needed</td></tr><tr><td>All other older unsupported PAN-OS versions<br></td><td><br></td><td>Upgrade to a supported fixed version<br></td></tr></tbody></table><b><br></b>PAN-OS 11.0 is EoL. We listed it in this section for completeness because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 in any of your firewalls, we strongly recommend that you upgrade from this EoL vulnerable version to a fixed version.\", \"base64\": false}]}], \"datePublic\": \"2025-04-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2025-0127\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"No workaround or mitigation is available.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No workaround or mitigation is available.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A command injection vulnerability in Palo Alto Networks PAN-OS\\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.\\n\\nCloud NGFW and Prisma\\u00ae Access are not affected by this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A command injection vulnerability in Palo Alto Networks PAN-OS\\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.<b><br><br></b>Cloud NGFW and Prisma\\u00ae Access are not affected by this vulnerability.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"No special configuration is required to be affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No special configuration is required to be affected by this issue.\", \"base64\": false}]}], \"x_affectedList\": [\"PAN-OS 11.0.3-h13\", \"PAN-OS 11.0.3-h12\", \"PAN-OS 11.0.3-h11\", \"PAN-OS 11.0.3-h10\", \"PAN-OS 11.0.3-h9\", \"PAN-OS 11.0.3-h8\", \"PAN-OS 11.0.3-h7\", \"PAN-OS 11.0.3-h6\", \"PAN-OS 11.0.3-h5\", \"PAN-OS 11.0.3-h4\", \"PAN-OS 11.0.3-h3\", \"PAN-OS 11.0.3-h2\", \"PAN-OS 11.0.3-h1\", \"PAN-OS 11.0.3\", \"PAN-OS 11.0.2-h5\", \"PAN-OS 11.0.2-h4\", \"PAN-OS 11.0.2-h3\", \"PAN-OS 11.0.2-h2\", \"PAN-OS 11.0.2-h1\", \"PAN-OS 11.0.2\", \"PAN-OS 11.0.1-h5\", \"PAN-OS 11.0.1-h4\", \"PAN-OS 11.0.1-h3\", \"PAN-OS 11.0.1-h2\", \"PAN-OS 11.0.1-h1\", \"PAN-OS 11.0.1\", \"PAN-OS 11.0.0-h4\", \"PAN-OS 11.0.0-h3\", \"PAN-OS 11.0.0-h2\", \"PAN-OS 11.0.0-h1\", \"PAN-OS 11.0.0\", \"PAN-OS 10.2.8-h21\", \"PAN-OS 10.2.8-h20\", \"PAN-OS 10.2.8-h19\", \"PAN-OS 10.2.8-h18\", \"PAN-OS 10.2.8-h17\", \"PAN-OS 10.2.8-h16\", \"PAN-OS 10.2.8-h15\", \"PAN-OS 10.2.8-h14\", \"PAN-OS 10.2.8-h13\", \"PAN-OS 10.2.8-h12\", \"PAN-OS 10.2.8-h11\", \"PAN-OS 10.2.8-h10\", \"PAN-OS 10.2.8-h9\", \"PAN-OS 10.2.8-h8\", \"PAN-OS 10.2.8-h7\", \"PAN-OS 10.2.8-h6\", \"PAN-OS 10.2.8-h5\", \"PAN-OS 10.2.8-h4\", \"PAN-OS 10.2.8-h3\", \"PAN-OS 10.2.8-h2\", \"PAN-OS 10.2.8-h1\", \"PAN-OS 10.2.8\", \"PAN-OS 10.2.7-h24\", \"PAN-OS 10.2.7-h23\", \"PAN-OS 10.2.7-h22\", \"PAN-OS 10.2.7-h21\", \"PAN-OS 10.2.7-h20\", \"PAN-OS 10.2.7-h19\", \"PAN-OS 10.2.7-h18\", \"PAN-OS 10.2.7-h17\", \"PAN-OS 10.2.7-h16\", \"PAN-OS 10.2.7-h15\", \"PAN-OS 10.2.7-h14\", \"PAN-OS 10.2.7-h13\", \"PAN-OS 10.2.7-h12\", \"PAN-OS 10.2.7-h11\", \"PAN-OS 10.2.7-h10\", \"PAN-OS 10.2.7-h9\", \"PAN-OS 10.2.7-h8\", \"PAN-OS 10.2.7-h7\", \"PAN-OS 10.2.7-h6\", \"PAN-OS 10.2.7-h5\", \"PAN-OS 10.2.7-h4\", \"PAN-OS 10.2.7-h3\", \"PAN-OS 10.2.7-h2\", \"PAN-OS 10.2.7-h1\", \"PAN-OS 10.2.7\", \"PAN-OS 10.2.6-h6\", \"PAN-OS 10.2.6-h5\", \"PAN-OS 10.2.6-h4\", \"PAN-OS 10.2.6-h3\", \"PAN-OS 10.2.6-h2\", \"PAN-OS 10.2.6-h1\", \"PAN-OS 10.2.6\", \"PAN-OS 10.2.5-h9\", \"PAN-OS 10.2.5-h8\", \"PAN-OS 10.2.5-h7\", \"PAN-OS 10.2.5-h6\", \"PAN-OS 10.2.5-h5\", \"PAN-OS 10.2.5-h4\", \"PAN-OS 10.2.5-h3\", \"PAN-OS 10.2.5-h2\", \"PAN-OS 10.2.5-h1\", \"PAN-OS 10.2.5\", \"PAN-OS 10.2.4-h32\", \"PAN-OS 10.2.4-h31\", \"PAN-OS 10.2.4-h30\", \"PAN-OS 10.2.4-h29\", \"PAN-OS 10.2.4-h28\", \"PAN-OS 10.2.4-h27\", \"PAN-OS 10.2.4-h26\", \"PAN-OS 10.2.4-h25\", \"PAN-OS 10.2.4-h24\", \"PAN-OS 10.2.4-h23\", \"PAN-OS 10.2.4-h22\", \"PAN-OS 10.2.4-h21\", \"PAN-OS 10.2.4-h20\", \"PAN-OS 10.2.4-h19\", \"PAN-OS 10.2.4-h18\", \"PAN-OS 10.2.4-h17\", \"PAN-OS 10.2.4-h16\", \"PAN-OS 10.2.4-h15\", \"PAN-OS 10.2.4-h14\", \"PAN-OS 10.2.4-h13\", \"PAN-OS 10.2.4-h12\", \"PAN-OS 10.2.4-h11\", \"PAN-OS 10.2.4-h10\", \"PAN-OS 10.2.4-h9\", \"PAN-OS 10.2.4-h8\", \"PAN-OS 10.2.4-h7\", \"PAN-OS 10.2.4-h6\", \"PAN-OS 10.2.4-h5\", \"PAN-OS 10.2.4-h4\", \"PAN-OS 10.2.4-h3\", \"PAN-OS 10.2.4-h2\", \"PAN-OS 10.2.4-h1\", \"PAN-OS 10.2.4\", \"PAN-OS 10.2.3-h14\", \"PAN-OS 10.2.3-h13\", \"PAN-OS 10.2.3-h12\", \"PAN-OS 10.2.3-h11\", \"PAN-OS 10.2.3-h10\", \"PAN-OS 10.2.3-h9\", \"PAN-OS 10.2.3-h8\", \"PAN-OS 10.2.3-h7\", \"PAN-OS 10.2.3-h6\", \"PAN-OS 10.2.3-h5\", \"PAN-OS 10.2.3-h4\", \"PAN-OS 10.2.3-h3\", \"PAN-OS 10.2.3-h2\", \"PAN-OS 10.2.3-h1\", \"PAN-OS 10.2.3\", \"PAN-OS 10.2.2-h6\", \"PAN-OS 10.2.2-h5\", \"PAN-OS 10.2.2-h4\", \"PAN-OS 10.2.2-h3\", \"PAN-OS 10.2.2-h2\", \"PAN-OS 10.2.2-h1\", \"PAN-OS 10.2.2\", \"PAN-OS 10.2.1-h3\", \"PAN-OS 10.2.1-h2\", \"PAN-OS 10.2.1-h1\", \"PAN-OS 10.2.1\", \"PAN-OS 10.2.0-h4\", \"PAN-OS 10.2.0-h3\", \"PAN-OS 10.2.0-h2\", \"PAN-OS 10.2.0-h1\", \"PAN-OS 10.2.0\", \"PAN-OS 10.1.14-h11\", \"PAN-OS 10.1.14-h10\", \"PAN-OS 10.1.14-h9\", \"PAN-OS 10.1.14-h8\", \"PAN-OS 10.1.14-h7\", \"PAN-OS 10.1.14-h6\", \"PAN-OS 10.1.14-h5\", \"PAN-OS 10.1.14-h4\", \"PAN-OS 10.1.14-h3\", \"PAN-OS 10.1.14-h2\", \"PAN-OS 10.1.14-h1\", \"PAN-OS 10.1.14\", \"PAN-OS 10.1.13-h5\", \"PAN-OS 10.1.13-h4\", \"PAN-OS 10.1.13-h3\", \"PAN-OS 10.1.13-h2\", \"PAN-OS 10.1.13-h1\", \"PAN-OS 10.1.13\", \"PAN-OS 10.1.12-h3\", \"PAN-OS 10.1.12-h2\", \"PAN-OS 10.1.12-h1\", \"PAN-OS 10.1.12\", \"PAN-OS 10.1.11-h10\", \"PAN-OS 10.1.11-h9\", \"PAN-OS 10.1.11-h8\", \"PAN-OS 10.1.11-h7\", \"PAN-OS 10.1.11-h6\", \"PAN-OS 10.1.11-h5\", \"PAN-OS 10.1.11-h4\", \"PAN-OS 10.1.11-h3\", \"PAN-OS 10.1.11-h2\", \"PAN-OS 10.1.11-h1\", \"PAN-OS 10.1.11\", \"PAN-OS 10.1.10-h9\", \"PAN-OS 10.1.10-h8\", \"PAN-OS 10.1.10-h7\", \"PAN-OS 10.1.10-h6\", \"PAN-OS 10.1.10-h5\", \"PAN-OS 10.1.10-h4\", \"PAN-OS 10.1.10-h3\", \"PAN-OS 10.1.10-h2\", \"PAN-OS 10.1.10-h1\", \"PAN-OS 10.1.10\", \"PAN-OS 10.1.9-h14\", \"PAN-OS 10.1.9-h13\", \"PAN-OS 10.1.9-h12\", \"PAN-OS 10.1.9-h11\", \"PAN-OS 10.1.9-h10\", \"PAN-OS 10.1.9-h9\", \"PAN-OS 10.1.9-h8\", \"PAN-OS 10.1.9-h7\", \"PAN-OS 10.1.9-h6\", \"PAN-OS 10.1.9-h5\", \"PAN-OS 10.1.9-h4\", \"PAN-OS 10.1.9-h3\", \"PAN-OS 10.1.9-h2\", \"PAN-OS 10.1.9-h1\", \"PAN-OS 10.1.9\", \"PAN-OS 10.1.8-h8\", \"PAN-OS 10.1.8-h7\", \"PAN-OS 10.1.8-h6\", \"PAN-OS 10.1.8-h5\", \"PAN-OS 10.1.8-h4\", \"PAN-OS 10.1.8-h3\", \"PAN-OS 10.1.8-h2\", \"PAN-OS 10.1.8-h1\", \"PAN-OS 10.1.8\", \"PAN-OS 10.1.7-h1\", \"PAN-OS 10.1.7\", \"PAN-OS 10.1.6-h9\", \"PAN-OS 10.1.6-h8\", \"PAN-OS 10.1.6-h7\", \"PAN-OS 10.1.6-h6\", \"PAN-OS 10.1.6-h5\", \"PAN-OS 10.1.6-h4\", \"PAN-OS 10.1.6-h3\", \"PAN-OS 10.1.6-h2\", \"PAN-OS 10.1.6-h1\", \"PAN-OS 10.1.6\", \"PAN-OS 10.1.5-h4\", \"PAN-OS 10.1.5-h3\", \"PAN-OS 10.1.5-h2\", \"PAN-OS 10.1.5-h1\", \"PAN-OS 10.1.5\", \"PAN-OS 10.1.4-h6\", \"PAN-OS 10.1.4-h5\", \"PAN-OS 10.1.4-h4\", \"PAN-OS 10.1.4-h3\", \"PAN-OS 10.1.4-h2\", \"PAN-OS 10.1.4-h1\", \"PAN-OS 10.1.4\", \"PAN-OS 10.1.3-h4\", \"PAN-OS 10.1.3-h3\", \"PAN-OS 10.1.3-h2\", \"PAN-OS 10.1.3-h1\", \"PAN-OS 10.1.3\", \"PAN-OS 10.1.2\", \"PAN-OS 10.1.1\", \"PAN-OS 10.1.0\"], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2025-04-11T02:01:35.087Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2025-0127\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-11T16:01:52.805Z\", \"dateReserved\": \"2024-12-20T23:23:28.050Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2025-04-11T02:01:35.087Z\", \"assignerShortName\": \"palo_alto\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

ghsa-8r53-w527-fcqp

Vulnerability from github

Published

2025-04-11 04:19

Modified

2025-04-11 04:19

Severity ?

7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Details

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2025-0127",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-78",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2025-04-11T02:15:19Z",
      severity: "HIGH",
   },
   details: "A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.",
   id: "GHSA-8r53-w527-fcqp",
   modified: "2025-04-11T04:19:27Z",
   published: "2025-04-11T04:19:27Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2025-0127",
      },
      {
         type: "WEB",
         url: "https://security.paloaltonetworks.com/CVE-2025-0127",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
         type: "CVSS_V4",
      },
   ],
}

fkie_cve-2025-0127

Vulnerability from fkie_nvd

Published

2025-04-11 02:15

Modified

2025-04-11 15:39

Severity ?

7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Summary

References

▼	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2025-0127

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.",
      },
      {
         lang: "es",
         value: " Una vulnerabilidad de inyección de comandos en el software PAN-OS® de Palo Alto Networks permite a un administrador autenticado omitir las restricciones del sistema y ejecutar comandos arbitrarios como usuario root. Este problema solo se aplica a la serie VM de PAN-OS. Este problema no afecta a los firewalls que ya están implementados. Cloud NGFW y Prisma® Access no se ven afectados por esta vulnerabilidad.",
      },
   ],
   id: "CVE-2025-0127",
   lastModified: "2025-04-11T15:39:52.920",
   metrics: {
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NO",
               Recovery: "USER",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "PRESENT",
               attackVector: "LOCAL",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "HIGH",
               providerUrgency: "AMBER",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "DIFFUSE",
               vectorString: "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "MODERATE",
            },
            source: "psirt@paloaltonetworks.com",
            type: "Secondary",
         },
      ],
   },
   published: "2025-04-11T02:15:19.120",
   references: [
      {
         source: "psirt@paloaltonetworks.com",
         url: "https://security.paloaltonetworks.com/CVE-2025-0127",
      },
   ],
   sourceIdentifier: "psirt@paloaltonetworks.com",
   vulnStatus: "Awaiting Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "psirt@paloaltonetworks.com",
         type: "Secondary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2025-0127

Vulnerability from cvelistv5

ghsa-8r53-w527-fcqp

Vulnerability from github

fkie_cve-2025-0127

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature