Dear All,
Palo Alto Networks published 11 new security advisories on May 14, 2025:
https://security.paloaltonetworks.com
Prisma Access Browser
PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025) (Severity: HIGH)
https://security.paloaltonetworks.com/PAN-SA-2025-0009
PAN-OS
CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0133
CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0130
CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0137
CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0136
PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS (Severity: NONE)
https://security.paloaltonetworks.com/PAN-SA-2025-0010
Cortex XDR Broker VM
CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0132
CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0134
GlobalProtect App
CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0131
CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0135
Prisma Cloud Compute Edition
CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0138
Kyaw Myo Oo
Information Security Program Manager , CB BANK PCL
CCIE #58769 | CISSP | PMP | CCSM | SAA-C03 | PCNSE
https://www.linkedin.com/in/kyaw-myo-oo/