PAN-OS: Improper Neutralization of Input in the Management Web Interface

Monitor | 6.9 | CVE-2025-4615 | Oct 8, 2025
Palo Alto Networks
IT in OT - Palo Alto firewalls are commonly deployed at IT/OT network boundaries
Summary

An improper input neutralization vulnerability in the Palo Alto Networks Prisma Access management web interface allows an authenticated administrator to bypass system restrictions and execute arbitrary commands. The risk is minimized when CLI access is restricted to a limited group of administrators.

What this means
What could happen
An authenticated administrator could bypass system restrictions and execute arbitrary commands on the Prisma Access device, potentially disrupting firewall operations or accessing sensitive network traffic and configurations.
Who's at risk
This affects organizations running Palo Alto Networks Prisma Access as their cloud-based firewall and network security appliance. Any deployment where administrators access the management interface, particularly in multi-tenant or shared administrative environments, is at risk.
How it could be exploited
An attacker with valid administrator credentials to the PAN-OS management web interface could inject specially crafted input to bypass input validation controls and execute arbitrary CLI commands with administrator privileges.
Prerequisites
  • Valid administrator credentials for the PAN-OS management web interface
  • Access to the management interface (typically restricted to administrative networks)
Requires valid credentials | Authenticated access needed | Low complexity attack
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Prisma Access | Below 11.2.8 | 11.2.8+
Remediation & Mitigation
Do now
HARDENING: Restrict CLI and web interface access to a limited group of trusted administrators via firewall rules or network segmentation
HARDENING: Review administrator account activity logs for any unauthorized command execution attempts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Prisma Access to version 11.2.8 or later