← Retour aux CVEs
CVE-2025-0126
N/ADescription
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Details CVE
Score CVSS v3.1N/A
Publie4/11/2025
Derniere modification4/11/2025
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-384
References
https://security.paloaltonetworks.com/CVE-2025-0126(psirt@paloaltonetworks.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.