Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Palo Alto Networks — Vulnerabilities & Security Advisories 281

Browse all 281 CVE security advisories affecting Palo Alto Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palo Alto Networks operates as a prominent cybersecurity vendor, primarily providing next-generation firewalls, cloud security solutions, and endpoint protection platforms to enterprise clients. The company’s software ecosystem, particularly its PAN-OS operating system, has historically been associated with a significant volume of Common Vulnerabilities and Exposures, currently totaling 280 recorded instances. These vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or improper access controls within management interfaces. While the firm maintains a robust security posture through regular patching cycles and proactive threat intelligence integration, the high CVE count reflects the complexity of its extensive feature set and the broad attack surface inherent in critical infrastructure components. Major incidents have been limited, with most issues resolved via timely updates, though the sheer number of disclosed flaws underscores the challenges of securing large-scale, continuously updated network security appliances.

Top products by Palo Alto Networks: PAN-OS Cloud NGFW GlobalProtect App Cortex XDR Agent Cortex XSOAR Cortex XDR Broker VM Expedition Prisma Cloud Compute Global Protect Agent Prisma Browser Traps Checkov by Prisma Cloud Autonomous Digital Experience Manager Prisma Access Browser Palo Alto Networks PAN-OS Bridgecrew Checkov Palo Alto Networks Expedition Prisma Cloud Compute Edition User-ID Credential Agent Prisma SD-WAN Cortex XDR Microsoft 365 Defender Pack PAN-OS OpenConfig Plugin Cortex XSOAR Microsoft Teams Marketplace ActiveMQ Content Pack Cortex XSOAR CommonScripts VM-Series Plugin GlobalProtect GlobalProtect Agent for Linux and OSX GlobalProtect Agent for Windows MineMeld
CVE IDTitleCVSSSeverityPublished
CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface — Cloud NGFWCWE-73 6.5 -2025-02-12
CVE-2025-0109 PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface — Cloud NGFWCWE-73 9.1 -2025-02-12
CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface — Cloud NGFWCWE-306 9.8 -2025-02-12
CVE-2025-0107 Expedition: OS Command Injection Vulnerability — Cloud NGFWCWE-78 10.0 -2025-01-11
CVE-2025-0106 Expedition: Wildcard Expansion Vulnerability — Cloud NGFWCWE-155 5.8 -2025-01-11
CVE-2025-0105 Expedition: Arbitrary File Deletion Vulnerability — Cloud NGFWCWE-73 10.0 -2025-01-11
CVE-2025-0104 Expedition: Cross-Site Scripting (XSS) Vulnerability — Cloud NGFWCWE-79 6.1 -2025-01-11
CVE-2025-0103 Expedition: SQL Injection Vulnerability — Cloud NGFWCWE-89 8.1 -2025-01-11
CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet — Cloud NGFWCWE-754 7.5 -2024-12-27
CVE-2024-5921 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation — GlobalProtect AppCWE-295 8.0AIHighAI2024-11-27
CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface — Cloud NGFWCWE-78 7.2AIHighAI2024-11-18
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) — Cloud NGFWCWE-306 9.8AICriticalAI2024-11-18
CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet — Cloud NGFWCWE-476 7.5AIHighAI2024-11-14
CVE-2024-5920 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator — Cloud NGFWCWE-79 4.8AIMediumAI2024-11-14
CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire — Cloud NGFWCWE-918 5.3AIMediumAI2024-11-14
CVE-2024-2552 PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI) — Cloud NGFWCWE-22 6.5AIMediumAI2024-11-14
CVE-2024-5918 PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User — Cloud NGFWCWE-295 8.1AIHighAI2024-11-14
CVE-2024-5919 PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability — Cloud NGFWCWE-611 7.7AIHighAI2024-11-14
CVE-2024-2551 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet — Cloud NGFWCWE-476 7.5AIHighAI2024-11-14
CVE-2024-9472 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic — Cloud NGFWCWE-476 7.5AIHighAI2024-11-14
CVE-2024-9473 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-250 7.8AIHighAI2024-10-09
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API — PAN-OSCWE-269 7.2AIHighAI2024-10-09
CVE-2024-9470 Cortex XSOAR: Information Disclosure Vulnerability — Cortex XSOARCWE-497 4.3AIMediumAI2024-10-09
CVE-2024-9469 Cortex XDR Agent: Local Windows User Can Disable the Agent — Cortex XDR AgentCWE-754 7.8AIHighAI2024-10-09
CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet — Cloud NGFWCWE-787 7.5AIHighAI2024-10-09
CVE-2024-9467 Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure — ExpeditionCWE-79 6.1AIMediumAI2024-10-09
CVE-2024-9466 Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure — ExpeditionCWE-532 8.1AIHighAI2024-10-09
CVE-2024-9465 Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure — ExpeditionCWE-89 9.1AICriticalAI2024-10-09
CVE-2024-9464 Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure — ExpeditionCWE-78 9.9AICriticalAI2024-10-09
CVE-2024-9463 Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure — ExpeditionCWE-78 10.0AICriticalAI2024-10-09

This page lists every published CVE security advisory associated with Palo Alto Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.