CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4230: PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI

8.4 CVSS

Description

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Classification

CVE ID: CVE-2025-4230

CVSS Base Severity: HIGH

CVSS Base Score: 8.4

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/V:D/U:Amber

Problem Types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

Vendor: Palo Alto Networks

Product: Cloud NGFW, PAN-OS, Prisma Access

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.18% (probability of being exploited)

EPSS Percentile: 39.96% (scored less or equal to compared to others)

EPSS Date: 2025-06-22 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4230
https://security.paloaltonetworks.com/CVE-2025-4230

Timeline

2025-06-11 16:15:14 UTC
Palo Alto Networks Security Advisories

CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI (Severity: MEDIUM)
2025-06-13 00:40:18 UTC
CVE

PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI