Dear All,

Palo Alto Networks published 11 new security advisories at https://security.paloaltonetworks.com on April 9, 2025:

Prisma Access Browser
PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly Vulnerability Update (April 2025) (Severity: HIGH)
https://security.paloaltonetworks.com/PAN-SA-2025-0008

PAN-OS
CVE-2025-0128 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0128

CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0127

CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0126

CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0125

CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0124

CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0123

Prisma SD-WAN
CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0122

Cortex XDR Agent
CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0121

GlobalProtect App
CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2025-0120

Cortex XDR Broker VM
CVE-2025-0119 Cortex XDR Broker VM: Authenticated Command Injection in Broker VM (Severity: LOW)
https://security.paloaltonetworks.com/CVE-2025-0119

Be Aware Be Secure!