PAN-OS GlobalProtect XSS (CVE-2025-0133)
Palo Alto Networks next-generation firewall (NGFW) is one of the leading enterprise firewalls used by companies around the world to protect against various cyber-attacks. It runs on its own operating system PAN-OS.
A reflected cross-site scripting (XSS) vulnerability exists in GlobalProtect gateway and portal features of PAN-OS. A remote attacker able to convince a user with an active authenticated session on the firewall web interface to click on a crafted link could potentially execute arbitrary JavaScript code in the user's browser and hijack the user's session.
A remote attacker can potentially execute arbitrary JavaScript code in the user's browser and hijack the user's session in GlobalProtect.
Upgrade to the latest version of Palo Alto PAN-OS.
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Select Vulnerability
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
