← Voltar para CVEs
CVE-2025-0126
N/ADescricao
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado4/11/2025
Ultima modificacao4/11/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-384
Referencias
https://security.paloaltonetworks.com/CVE-2025-0126(psirt@paloaltonetworks.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.