CVE-2025-0126

Published: Apr 11, 2025

Modified: Apr 11, 2025

PUBLISHED

Description

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.

Vendor	Product	Versions
Palo Alto Networks	Cloud NGFW	unaffected `All`
Palo Alto Networks	PAN-OS	affected `11.2.0 - < 11.2.3` affected `11.1.0 - < 11.1.5` affected `11.0.0 - < 11.0.6` affected `10.2.0 - < 10.2.10-h6` affected `10.1.0 - < 10.1.14-h11`
Palo Alto Networks	Prisma Access	affected `10.2.0 - < 10.2.4-h36` affected `11.2.0 - < 11.2.4-h5`

Weaknesses (CWE)

CWE-384

References

https://security.paloaltonetworks.com/CVE-2025-0126

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-0126

Description

Affected Products

Weaknesses (CWE)

References