Vulnerability Database

310,469

Total vulnerabilities in the database

CVE-2025-4614

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Published: Oct 9, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-4614
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-497

Affected Software
References

Software	From	Fixed in
paloaltonetworks / pan-os	10.2.0	10.2.17
paloaltonetworks / pan-os	11.1.0	11.1.12
paloaltonetworks / pan-os	11.2.0	11.2.8

https://security.paloaltonetworks.com/CVE-2025-4614

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo