THREATINT
PUBLISHED

CVE-2025-0138

Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface



Description

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.

Reserved 2024-12-20 | Published 2025-05-14 | Updated 2025-05-14 | Assigner palo_alto


LOW: 2.0 | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Problem types

CWE-613 Insufficient Session Expiration

Product status

Default status
unaffected

1 before 34.00.141
affected

Default status
unaffected

All before 11.2.5
unaffected

Timeline

2025-05-14: Initial Publication

Credits

Maciej Pypec of ING (finder)

References

security.paloaltonetworks.com/CVE-2025-0138 (vendor-advisory)

cve.org (CVE-2025-0138)

nvd.nist.gov (CVE-2025-0138)
