CVE-2025-4619
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-13
Assigner: Palo Alto Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | pan-os | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service (DoS) issue in Palo Alto Networks PAN-OS software that allows an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. If the attacker repeatedly triggers this, the firewall can enter maintenance mode, disrupting its normal operation.
How can this vulnerability impact me?
An attacker can cause the firewall to reboot and eventually enter maintenance mode, which disrupts network security and availability. The result can be downtime or reduced protection for any network that relies on the affected firewall devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the PAN-OS software on your PA-Series and VM-Series firewalls to the fixed version provided by Palo Alto Networks. For Prisma Access customers, ensure your system is upgraded through the standard upgrade process as soon as possible. Avoid exposing the dataplane to untrusted networks to reduce the risk of exploitation until the upgrade is applied.