cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Advocate I

Palo Alto Networks published 11 new security advisories

Dear All,


Palo Alto Networks published 11 new security advisories on May 14, 2025:
https://security.paloaltonetworks.com


Prisma Access Browser

PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025) (Severity: HIGH)
https://security.paloaltonetworks.com/PAN-SA-2025-0009


PAN-OS

CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0133

CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0130

CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0137

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0136

PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS (Severity: NONE)
https://security.paloaltonetworks.com/PAN-SA-2025-0010


Cortex XDR Broker VM

CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0132

CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0134


GlobalProtect App

CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0131

CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0135


Prisma Cloud Compute Edition

CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface (Severity: LOW)

https://security.paloaltonetworks.com/CVE-2025-0138


Kyaw Myo Oo
Information Security Program Manager , CB BANK PCL
CCIE #58769 | CISSP | PMP | CCSM | SAA-C03 | PCNSE
https://www.linkedin.com/in/kyaw-myo-oo/
0 Replies