CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-0126

Configurations

No configuration.

History

No history.

Information

Published : 2025-04-11 02:15

Updated : 2025-04-11 15:39

NVD link : CVE-2025-0126

Mitre link : CVE-2025-0126

CVE.ORG link : CVE-2025-0126

JSON object : View

Products Affected

No product.

CWE

CWE-384

Session Fixation

{"id": "CVE-2025-0126", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.3, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-11T02:15:18.970", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0126", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "When configured using SAML, a session fixation vulnerability in the GlobalProtect\u2122 login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.\n\nThe SAML login for the PAN-OS\u00ae management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma\u00ae Access instances are proactively patched."}, {"lang": "es", "value": "Cuando se configura con SAML, una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el inicio de sesi\u00f3n de GlobalProtect\u2122 permite a un atacante hacerse pasar por un usuario autorizado leg\u00edtimo y realizar acciones como ese usuario de GlobalProtect. Esto requiere que el usuario leg\u00edtimo primero haga clic en un enlace malicioso proporcionado por el atacante. El inicio de sesi\u00f3n SAML para la interfaz de administraci\u00f3n de PAN-OS\u00ae no se ver\u00e1 afectado. Adem\u00e1s, este problema no afecta a Cloud NGFW y todas las instancias de Prisma\u00ae Access reciben parches de forma proactiva."}], "lastModified": "2025-04-11T15:39:52.920", "sourceIdentifier": "[email protected]"}

CVE-2025-0126

JSON object

Attach tags to CVE-2025-0126

Attach tags to `CVE-2025-0126`