Palo Alto Networks fixed multiple privilege escalation flaws

Pierluigi Paganini June 14, 2025

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions.

Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products.

Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser.

The most severe vulnerability, tracked as CVE-2025-4232 (CVSS score of 7.1), is an authenticated code injection through wildcard on macOS.

“An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.” reads the advisory.

The company also addressed a PAN-OS Authenticated Admin Command Injection Vulnerability, tracked as CVE-2025-4231 (CVSS score of 6.1), in the Management Web Interface.

The command injection flaw in Palo Alto Networks PAN-OS allows authenticated admins with web interface access to execute actions as root. The company states that Cloud NGFW and Prisma Access are unaffected.

Another issue fixed by the company is PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI that is tracked as CVE-2025-4230 (CVSS score of 5.7).

“A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.” reads the advisory. “Cloud NGFW and Prisma® Access are not affected by this vulnerability.”

The firm also fixed a PAN-OS flaw, tracked as CVE-2025-4228 (CVSS score 1.0) exposing unencrypted SD-WAN data and a Cortex XDR Broker VM bug that let attackers escalate privileges to root.

The security vendor is not aware of attacks in the wild exploiting any of these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PAN-OS)

Pierluigi Paganini August 01, 2025

CISA released Thorium platform to support malware and forensic analysis

Pierluigi Paganini July 31, 2025