Description
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Published: 2025-06-12
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Workaround

No workaround or mitigation is available.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18226 A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00178}

 epss

{'score': 0.00173}

Fri, 13 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Jun 2025 23:45:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Title PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
First Time appeared Palo Alto Networks
Palo Alto Networks pan-os
Weaknesses CWE-78
CPEs cpe:2.3:o:palo_alto_networks:pan-os:10.1.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.10:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.11:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.12:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.13:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:-:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h10:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h11:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h13:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h14:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h1:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h2:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h3:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h4:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h5:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h6:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h7:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h8:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.14:h9:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.7:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.8:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.1.9:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks pan-os
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/V:D/U:Amber'}

Subscriptions

Palo Alto Networks Pan-os
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-02-26T17:50:39.127Z

Reserved: 2025-05-02T19:10:43.398Z

Link: CVE-2025-4230

cve-icon Vulnrichment

Updated: 2025-06-13T13:32:38.272Z

cve-icon NVD

Status : Deferred

Published: 2025-06-13T00:15:23.380

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-4230

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses