Palo Alto Networks Family May 2025 Security Update Advisory

Overview

 

Palo Alto Networks(https://www.paloaltonetworks.com/) has released a security update that fixes vulnerabilities in products it has been made. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Prisma Access Browser 135.16.8.96 and earlier versions

Cloud NGFW,PAN-OS,Prisma Access None

Cloud NGFW,PAN-OS,Prisma Access 11.2.5 or earlier

Cloud NGFW,PAN-OS,Prisma Access 11.1.6-h1, < 11.1.7-h2, < 11.1.8

Cloud NGFW,PAN-OS,Prisma Access None

Cloud NGFW,PAN-OS,Prisma Access None

Cloud NGFW,PAN-OS,Prisma Access None

MetaDefender Endpoint Security SDK version 4.3.4451 or lower

PAN-OS 11.2.8 and earlier

PAN-OS 11.1.11 or earlier

PAN-OS 10.2.17 or earlier

PAN-OS All

 

Resolved Vulnerabilities

 

Chromium Browser Vulnerability in Prisma Access Browser (PAN-SA-2025-0009, CVSS 9.4) [1]

Vulnerability in Cloud NGFW, PAN-OS, and Prisma Access that causes the firewall to reboot without responding to maliciously crafted packets (CVE-2025-0130, CVSS 8.2) [2]

Vulnerability in MetaDefender Endpoint Security SDK that allows a locally authenticated, non-administrator Windows user to escalate their privileges to nt authority\system (CVE-2025-0131, CVSS 7.1) [3]

XSS vulnerability in PAN-OS (CVE-2025-0133, CVSS 5.1) [4]

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the 05/14/2025 update

Prisma Access Browser 136.11.9.93 and later versions

Cloud NGFW,PAN-OS,Prisma Access 11.2.5 and later versions

Cloud NGFW,PAN-OS,Prisma Access 11.1.6-h1 and later versions

Cloud NGFW,PAN-OS,Prisma Access 11.1.7-h2 and later

Cloud NGFW,PAN-OS,Prisma Access 11.1.8 and later versions

MetaDefender Endpoint Security SDK 4.3.4451 and later versions

PAN-OS 11.2.8 [ETA June 2025] and later versions

PAN-OS 11.1.11 [ETA July 2025] and later

PAN-OS 10.2.17 [ETA August 2025] and later

 

 

Referenced Sites

 

[1] Chromium: Monthly Vulnerability Update (May 2025)

https://security.paloaltonetworks.com/PAN-SA-2025-0009

[2] PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets

https://security.paloaltonetworks.com/CVE-2025-0130

[3] GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

https://security.paloaltonetworks.com/CVE-2025-0131

[4] PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

https://security.paloaltonetworks.com/CVE-2025-0133