CVE-2025-0114 | THREATINT

Description

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software.

PUBLISHED Reserved 2024-12-20 | Published 2025-03-12 | Updated 2025-03-12 | Assigner palo_alto

HIGH: 8.2CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/U:Amber

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status

unaffected

11.2.0 (custom)

unaffected

11.1.0 (custom)

unaffected

11.0.0 (custom) before 11.0.2

affected

10.2.0 (custom) before 10.2.5

affected

10.1.0 (custom) before 10.1.14-h11

affected

Default status

unaffected

All (custom)

unaffected

Default status

unaffected

All (custom)

unaffected

Timeline

2025-03-12:

Initial Publication

Credits

an external reporter finder

References

security.paloaltonetworks.com/CVE-2025-0114 vendor-advisory

cve.org (CVE-2025-0114)

nvd.nist.gov (CVE-2025-0114)

Download JSON