CVE-2025-4615

PAN-OS: Improper Neutralization of Input in the Management Web Interface

Description

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

INFO

Published Date :

2025-10-09T18:28:04.905Z

Last Modified :

2025-10-09T19:08:50.531Z

Source :

palo_alto

AFFECTED PRODUCTS

The following products are affected by CVE-2025-4615 vulnerability.

Vendors	Products
Paloaltonetworks	Cloud Ngfw Pan-os Prisma Access

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4615.

URL	Resource
https://security.paloaltonetworks.com/CVEN-2025-4615

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability