Home

Description

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.

PUBLISHED Reserved 2024-12-20 | Published 2025-05-14 | Updated 2025-06-23 | Assigner palo_alto




LOW: 2.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Problem types

CWE-613 Insufficient Session Expiration

Product status

Default status
unaffected

1 (custom) before 34.01.129
affected

Default status
unaffected

All (custom)
unaffected

Timeline

2025-05-14:Initial Publication

Credits

Maciej Pypec of ING finder

References

security.paloaltonetworks.com/CVE-2025-0138 vendor-advisory

cve.org (CVE-2025-0138)

nvd.nist.gov (CVE-2025-0138)

Download JSON