Description
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
INFO
Published Date :
2025-04-11T01:57:12.662Z
Last Modified :
2025-04-11T16:02:02.228Z
Source :
palo_alto
AFFECTED PRODUCTS
The following products are affected by CVE-2025-0126 vulnerability.
| Vendors | Products |
|---|---|
| Paloaltonetworks |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0126.
| URL | Resource |
|---|---|
| https://security.paloaltonetworks.com/CVE-2025-0126 |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability