Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.
Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
CVE ID: CVE-2025-0138
CVSS Base Severity: LOW
CVSS Base Score: 2.0
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber
Vendor: Palo Alto Networks
Product: Prisma Cloud Compute Edition, Compute in Prisma Cloud Enterprise Edition
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 15.93% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)