Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-4619
PUBLISHED
More InfoOfficial Page
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
View Known Exploited Vulnerability (KEV) details
Published At-13 Nov, 2025 | 20:24
Updated At-14 Nov, 2025 | 18:08
Rejected At-
▼CVE Numbering Authority (CNA)
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. ​​We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cloud NGFW
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
PAN-OS
CPEs
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 11.2.0 before 11.2.5 (custom)
    • -> unaffectedfrom11.2.5
    • -> unaffectedfrom11.2.4-h4
    • -> unaffectedfrom11.2.3-h6
    • -> unaffectedfrom11.2.2-h2
  • From 11.1.0 before 11.1.7 (custom)
    • -> unaffectedfrom11.1.7
    • -> unaffectedfrom11.1.6-h1
    • -> unaffectedfrom11.1.4-h13
    • -> affectedfrom11.1.4-h4
    • -> affectedfrom11.1.3-h2
    • -> unaffectedfrom11.1.2-h18
    • -> affectedfrom11.1.2-h9
  • From 10.2.0 before 10.2.14 (custom)
    • -> unaffectedfrom10.2.14
    • -> unaffectedfrom10.2.13-h3
    • -> unaffectedfrom10.2.12-h6
    • -> unaffectedfrom10.2.11-h12
    • -> unaffectedfrom10.2.10-h14
    • -> affectedfrom10.2.10-h2
    • -> unaffectedfrom10.2.9-h21
    • -> affectedfrom10.2.9-h6
    • -> unaffectedfrom10.2.8-h21
    • -> affectedfrom10.2.8-h10
    • -> unaffectedfrom10.2.7-h24
    • -> affectedfrom10.2.7-h11
    • -> affectedfrom10.2.4-h25
Unaffected
  • 12.1.0 (custom)
  • 10.1.0 (custom)
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Prisma Access
Platforms
  • PAN-OS
Default Status
unaffected
Versions
Affected
  • From 10.2.0 before 10.2.10-h14 (custom)
    • -> unaffectedfrom11.2.4-h4
    • -> unaffectedfrom10.2.10-h14
    • -> affectedfrom10.2.4-h25
Problem Types
TypeCWE IDDescription
CWECWE-754CWE-754 Improper Check for Unusual or Exceptional Conditions
Type: CWE
CWE ID: CWE-754
Description: CWE-754 Improper Check for Unusual or Exceptional Conditions
Metrics
VersionBase scoreBase severityVector
4.06.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber
Version: 4.0
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-129CAPEC-129: Pointer Manipulation
CAPEC ID: CAPEC-129
Description: CAPEC-129: Pointer Manipulation
Solutions

Version Minor Version Suggested Solution Cloud NGFW No action needed.PAN-OS 12.1 No action needed. PAN-OS 11.2 11.2.0 through 11.2.4 Upgrade to 11.2.4-h4 or 11.2.5 or later. 11.2.0 through 11.2.3 Upgrade to 11.2.3-h6 or 11.2.5 or later. 11.2.0 through 11.2.2 Upgrade to 11.2.2-h2 or 11.2.5 or later. PAN-OS 11.1 11.1.0 through 11.1.6 Upgrade to 11.1.6-h1 or 11.1.7 or later. 11.1.0 through 11.1.4 Upgrade to 11.1.4-h13 or 11.1.7 or later. 11.1.0 through 11.1.3 Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later. 11.1.0 through 11.1.2 Upgrade to 11.1.2-h18 or 11.1.7 or later. PAN-OS 10.2 10.2.0 through 10.2.13 Upgrade to 10.2.13-h3 or 10.2.14 or later. 10.2.0 through 10.2.12 Upgrade to 10.2.12-h6 or 10.2.14 or later. 10.2.0 through 10.2.11 Upgrade to 10.2.11-h12 or 10.2.14 or later. 10.2.0 through 10.2.10 Upgrade to 10.2.10-h14 or 10.2.14 or later. 10.2.0 through 10.2.9 Upgrade to 10.2.9-h21 or 10.2.14 or later. 10.2.0 through 10.2.8 Upgrade to 10.2.8-h21 or 10.2.14 or later. 10.2.0 through 10.2.7 Upgrade to 10.2.7-h24 or 10.2.14 or later. 10.2.0 through 10.2.4 Remain on a version older than 10.2.4-h25 PAN-OS 10.1 No action needed.All older unsupported PAN-OS versions Upgrade to a supported fixed version. Prisma Access  on PAN-OS11.2.0 through 11.2.4Upgrade to 11.2.4-h4 or later 10.2.0 through 10.2.10 Upgrade to 10.2.10-h14 or 11.2.4-h4 or later. 10.2.0 through 10.2.4 Remain on a version older than 10.2.4-h25.

Configurations

This issue is only applicable to firewalls where URL proxy or any decrypt-policy is configured. When any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies.

Workarounds

No known workarounds exist for this issue.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
Timeline
EventDate
Initial publication2025-11-12 17:00:00
Event: Initial publication
Date: 2025-11-12 17:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2025-4619
vendor-advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2025-4619
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found