CVE-2025-0137

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

Una vulnerabilidad de neutralización de entrada incorrecta en la interfaz web de administración del software PAN-OS® de Palo Alto Networks permite que un administrador malicioso de lectura y escritura autenticado se haga pasar por otro administrador legítimo de PAN-OS autenticado. El atacante debe tener acceso de red a la interfaz web de administración para explotar este problema. Puede reducir considerablemente el riesgo de este problema restringiendo el acceso a la interfaz web de administración únicamente a direcciones IP internas de confianza, según nuestras directrices de implementación crítica recomendadas: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431.