MUST READ

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

 | 

Columbia University data breach impacted 868,969 people

 | 

SonicWall dismisses zero-day fears after Ransomware probe

 | 

Air France and KLM disclosed data breaches following the hack of a third-party platform

 | 

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

 | 

Microsoft unveils Project Ire: AI that autonomously detects malware

 | 

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

 | 

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

 | 

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

 | 

WhatsApp cracks down on 6.8M scam accounts in global takedown

 | 

Trend Micro fixes two actively exploited Apex One RCE flaws

 | 

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

 | 

Google fixed two Qualcomm bugs that were actively exploited in the wild

 | 

Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

 | 

Cisco disclosed a CRM data breach via vishing attack

 | 

Exposed Without a Breach: The Cost of Data Blindness

 | 

SonicWall investigates possible zero-day amid Akira ransomware surge

 | 

Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

 | 

Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer

 | 

Northwest Radiologists data breach hits 350,000 in Washington

 | 

Palo Alto Networks fixed multiple privilege escalation flaws

Pierluigi Paganini June 14, 2025

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions.

Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products.

Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser.

The most severe vulnerability, tracked as CVE-2025-4232 (CVSS score of 7.1), is an authenticated code injection through wildcard on macOS.

“An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.” reads the advisory.

The company also addressed a PAN-OS Authenticated Admin Command Injection Vulnerability, tracked as CVE-2025-4231 (CVSS score of 6.1), in the Management Web Interface.

The command injection flaw in Palo Alto Networks PAN-OS allows authenticated admins with web interface access to execute actions as root. The company states that Cloud NGFW and Prisma Access are unaffected.

Another issue fixed by the company is PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI that is tracked as CVE-2025-4230 (CVSS score of 5.7).

“A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.” reads the advisory. “Cloud NGFW and Prisma® Access are not affected by this vulnerability.”

The firm also fixed a PAN-OS flaw, tracked as CVE-2025-4228 (CVSS score 1.0) exposing unencrypted SD-WAN data and a Cortex XDR Broker VM bug that let attackers escalate privileges to root.

The security vendor is not aware of attacks in the wild exploiting any of these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PAN-OS)

Hacking hacking news information security news IT Information Security Palo Alto Networks Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini August 08, 2025
French firm Bouygues Telecom suffered a data breach impacting 6.4M customers
Read more
Pierluigi Paganini August 08, 2025
Columbia University data breach impacted 868,969 people
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

Data Breach / August 08, 2025

Columbia University data breach impacted 868,969 people

Data Breach / August 08, 2025

SonicWall dismisses zero-day fears after Ransomware probe

Security / August 08, 2025

Air France and KLM disclosed data breaches following the hack of a third-party platform

Data Breach / August 07, 2025

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

Security / August 07, 2025