https://community.isc2.org/t5/Threats/Palo-Alto-Networks-published-11-new-security-advisories/m-p/80334#M1659 <P>Dear All,</P><P><BR />Palo Alto Networks published 11 new security advisories on May 14, 2025:<BR /><A href="https://security.paloaltonetworks.com" target="_blank" rel="noopener">https://security.paloaltonetworks.com</A></P><P><BR /><STRONG>Prisma Access Browser</STRONG><BR /><BR />PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025) (Severity: HIGH)<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2025-0009" target="_blank" rel="noopener">https://security.paloaltonetworks.com/PAN-SA-2025-0009</A><BR /><BR /></P><P><BR /><STRONG>PAN-OS</STRONG><BR /><BR />CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0133" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0133</A><BR /><BR /></P><P>CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0130" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0130</A><BR /><BR /></P><P>CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0137" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0137</A><BR /><BR /></P><P>CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0136" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0136</A><BR /><BR /></P><P>PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS (Severity: NONE)<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2025-0010" target="_blank" rel="noopener">https://security.paloaltonetworks.com/PAN-SA-2025-0010</A></P><P><BR /><STRONG>Cortex XDR Broker VM</STRONG><BR /><BR />CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0132" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0132</A><BR /><BR /></P><P>CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0134" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0134</A><BR /><BR /></P><P><BR /><STRONG>GlobalProtect App</STRONG><BR /><BR />CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0131" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0131</A><BR /><BR /></P><P>CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0135" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0135</A></P><P><BR /><STRONG>Prisma Cloud Compute Edition</STRONG><BR /><BR />CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface (Severity: LOW)<BR /><BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0138" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0138</A><BR /><BR /><BR /></P> Wed, 14 May 2025 19:07:05 GMT Kyaw_Myo_Oo 2025-05-14T19:07:05Z https://community.isc2.org/t5/Threats/Palo-Alto-Networks-published-11-new-security-advisories/m-p/80334#M1659 <P>Dear All,</P><P><BR />Palo Alto Networks published 11 new security advisories on May 14, 2025:<BR /><A href="https://security.paloaltonetworks.com" target="_blank" rel="noopener">https://security.paloaltonetworks.com</A></P><P><BR /><STRONG>Prisma Access Browser</STRONG><BR /><BR />PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025) (Severity: HIGH)<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2025-0009" target="_blank" rel="noopener">https://security.paloaltonetworks.com/PAN-SA-2025-0009</A><BR /><BR /></P><P><BR /><STRONG>PAN-OS</STRONG><BR /><BR />CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0133" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0133</A><BR /><BR /></P><P>CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0130" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0130</A><BR /><BR /></P><P>CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0137" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0137</A><BR /><BR /></P><P>CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0136" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0136</A><BR /><BR /></P><P>PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS (Severity: NONE)<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2025-0010" target="_blank" rel="noopener">https://security.paloaltonetworks.com/PAN-SA-2025-0010</A></P><P><BR /><STRONG>Cortex XDR Broker VM</STRONG><BR /><BR />CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0132" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0132</A><BR /><BR /></P><P>CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0134" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0134</A><BR /><BR /></P><P><BR /><STRONG>GlobalProtect App</STRONG><BR /><BR />CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK (Severity: MEDIUM)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0131" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0131</A><BR /><BR /></P><P>CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App (Severity: LOW)<BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0135" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0135</A></P><P><BR /><STRONG>Prisma Cloud Compute Edition</STRONG><BR /><BR />CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface (Severity: LOW)<BR /><BR /><A href="https://security.paloaltonetworks.com/CVE-2025-0138" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2025-0138</A><BR /><BR /><BR /></P> Wed, 14 May 2025 19:07:05 GMT https://community.isc2.org/t5/Threats/Palo-Alto-Networks-published-11-new-security-advisories/m-p/80334#M1659 Kyaw_Myo_Oo 2025-05-14T19:07:05Z