← Volver a CVEs
CVE-2025-0126
N/ADescripcion
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado4/11/2025
Ultima modificacion4/11/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-384
Referencias
https://security.paloaltonetworks.com/CVE-2025-0126(psirt@paloaltonetworks.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.