CVE-2025-0127: PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series

7.1 CVSS

Description

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Classification

CVE ID: CVE-2025-0127

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

Problem Types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

Vendor: Palo Alto Networks, Palo Alto Networks, Palo Alto Networks

Product: Cloud NGFW, PAN-OS, Prisma Access

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.18% (probability of being exploited)

EPSS Percentile: 40.09% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0127
https://security.paloaltonetworks.com/CVE-2025-0127

Timeline

2025-04-09 16:15:25 UTC
Palo Alto Networks Security Advisories

CVE-2025-0127 PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series (Severity: MEDIUM)
2025-04-11 02:40:12 UTC
CVE

PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series