https://community.isc2.org/t5/Threats/Palo-Alto-Networks-published-11-new-security-advisories/m-p/78662#M1578 <P>Dear All,</P><P>&nbsp;</P><P>Palo Alto Networks published<STRONG> 11 new security advisories&nbsp;</STRONG>at <A href="https://security.paloaltonetworks.com" target="_blank">https://security.paloaltonetworks.com&nbsp;</A>on April 9, 2025:<BR /><BR /></P><P><STRONG>Prisma Access Browser</STRONG><BR />PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly Vulnerability Update (April 2025) (Severity: HIGH)<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2025-0008" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2025-0008</A><BR /><BR /></P><P><BR /><STRONG>PAN-OS</STRONG><BR />CVE-2025-0128 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0128" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0128</A><BR /><BR /></P><P>CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0127" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0127</A><BR /><BR /></P><P>CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0126" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0126</A><BR /><BR /></P><P>CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0125" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0125</A><BR /><BR /></P><P>CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0124" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0124</A><BR /><BR /></P><P>CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0123" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0123</A><BR /><BR /></P><P><BR /><STRONG>Prisma SD-WAN</STRONG><BR />CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0122" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0122</A><BR /><BR /></P><P><BR /><STRONG>Cortex XDR Agent</STRONG><BR />CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0121" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0121</A><BR /><BR /></P><P><BR /><STRONG>GlobalProtect App</STRONG><BR />CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0120" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0120</A><BR /><BR /></P><P><BR /><STRONG>Cortex XDR Broker VM</STRONG><BR />CVE-2025-0119 Cortex XDR Broker VM: Authenticated Command Injection in Broker VM (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0119" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0119</A><BR /><BR /></P><P>&nbsp;</P><P>Be Aware Be Secure!</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Apr 2025 17:39:41 GMT Kyaw_Myo_Oo 2025-04-09T17:39:41Z https://community.isc2.org/t5/Threats/Palo-Alto-Networks-published-11-new-security-advisories/m-p/78662#M1578 <P>Dear All,</P><P>&nbsp;</P><P>Palo Alto Networks published<STRONG> 11 new security advisories&nbsp;</STRONG>at <A href="https://security.paloaltonetworks.com" target="_blank">https://security.paloaltonetworks.com&nbsp;</A>on April 9, 2025:<BR /><BR /></P><P><STRONG>Prisma Access Browser</STRONG><BR />PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly Vulnerability Update (April 2025) (Severity: HIGH)<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2025-0008" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2025-0008</A><BR /><BR /></P><P><BR /><STRONG>PAN-OS</STRONG><BR />CVE-2025-0128 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0128" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0128</A><BR /><BR /></P><P>CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0127" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0127</A><BR /><BR /></P><P>CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0126" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0126</A><BR /><BR /></P><P>CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0125" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0125</A><BR /><BR /></P><P>CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0124" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0124</A><BR /><BR /></P><P>CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0123" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0123</A><BR /><BR /></P><P><BR /><STRONG>Prisma SD-WAN</STRONG><BR />CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0122" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0122</A><BR /><BR /></P><P><BR /><STRONG>Cortex XDR Agent</STRONG><BR />CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0121" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0121</A><BR /><BR /></P><P><BR /><STRONG>GlobalProtect App</STRONG><BR />CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0120" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0120</A><BR /><BR /></P><P><BR /><STRONG>Cortex XDR Broker VM</STRONG><BR />CVE-2025-0119 Cortex XDR Broker VM: Authenticated Command Injection in Broker VM (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0119" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0119</A><BR /><BR /></P><P>&nbsp;</P><P>Be Aware Be Secure!</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Apr 2025 17:39:41 GMT https://community.isc2.org/t5/Threats/Palo-Alto-Networks-published-11-new-security-advisories/m-p/78662#M1578 Kyaw_Myo_Oo 2025-04-09T17:39:41Z