← Zuruck zu CVEs
CVE-2025-0126
N/ABeschreibung
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht4/11/2025
Zuletzt geandert4/11/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-384
Referenzen
https://security.paloaltonetworks.com/CVE-2025-0126(psirt@paloaltonetworks.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.