Vulnerability-Lookup

WID-SEC-W-2025-1820

Vulnerability from csaf_certbund - Published: 2025-08-13 22:00 - Updated: 2025-08-13 22:00

Summary

Palo Alto Networks PAN-OS: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.

Angriff

Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in Palo Alto Networks PAN-OS ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in Palo Alto Networks PAN-OS ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1820 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1820.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1820 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1820"
      },
      {
        "category": "external",
        "summary": "Palo Alto Security Advisory CVE-2025-2182 vom 2025-08-13",
        "url": "https://security.paloaltonetworks.com/CVE-2025-2182"
      }
    ],
    "source_lang": "en-US",
    "title": "Palo Alto Networks PAN-OS: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-08-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-14T08:37:09.596+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1820",
      "initial_release_date": "2025-08-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "PA-7500 \u003c11.2.8",
                "product": {
                  "name": "Palo Alto Networks PAN-OS PA-7500 \u003c11.2.8",
                  "product_id": "T046210"
                }
              },
              {
                "category": "product_version",
                "name": "PA-7500 11.2.8",
                "product": {
                  "name": "Palo Alto Networks PAN-OS PA-7500 11.2.8",
                  "product_id": "T046210-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:pa-7500__11.2.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "PA-7500 \u003c11.1.10",
                "product": {
                  "name": "Palo Alto Networks PAN-OS PA-7500 \u003c11.1.10",
                  "product_id": "T046211"
                }
              },
              {
                "category": "product_version",
                "name": "PA-7500 11.1.10",
                "product": {
                  "name": "Palo Alto Networks PAN-OS PA-7500 11.1.10",
                  "product_id": "T046211-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:pa-7500__11.1.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PAN-OS"
          }
        ],
        "category": "vendor",
        "name": "Palo Alto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-2182",
      "product_status": {
        "known_affected": [
          "T046210",
          "T046211"
        ]
      },
      "release_date": "2025-08-13T22:00:00.000+00:00",
      "title": "CVE-2025-2182"
    }
  ]
}

CVE-2025-2182 (GCVE-0-2025-2182)

Vulnerability from cvelistv5 – Published: 2025-08-13 17:03 – Updated: 2025-08-13 20:32

Title

PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK)

Summary

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.

Severity ?

5.6 (Medium)


                        
                          CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber

CWE

CWE-312 - Cleartext Storage of Sensitive Information

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2025-2182

vendor-advisory

Impacted products

Vendor

Product

Version

Palo Alto Networks

Cloud NGFW

Unaffected: All , < 3.2.449 (custom)

Palo Alto Networks	PAN-OS	Affected: 11.2.0 , < 11.2.8 (custom) Affected: 11.1.0 , < 11.1.10 (custom) Unaffected: 10.2.0 (custom) Unaffected: 10.1.0 (custom) cpe:2.3:o:palo_alto_networks:pan-os:11.2.7::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.6::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.5::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.4::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.3::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.2::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.1::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.2.0::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.9::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.8::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.6::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.5::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.4::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.3::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.2::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.1::::::PA-7500: cpe:2.3:o:palo_alto_networks:pan-os:11.1.0::::::PA-7500:
Palo Alto Networks	PAN-OS	Unaffected: All (custom)
Palo Alto Networks	Prisma Access	Unaffected: All (custom)

Credits

This issue was found during an internal security review.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2182",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T20:32:04.428121Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T20:32:15.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.2.449",
                  "status": "unaffected"
                }
              ],
              "lessThan": "3.2.449",
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:PA-7500:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:PA-7500:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "Clusters"
          ],
          "platforms": [
            "PA-7500"
          ],
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.2.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.8",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.10",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "devices other than PA-7500"
          ],
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following conditions must be true to be vulnerable to this issue:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eYour PA-7500 Series devices must be in an NGFW cluster. For more information regarding NGFW Clusters see our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/ngfw-clustering/ngfw-clusters\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eA MACsec policy must be configured and enabled for the NGFW cluster. For more information about MACsec profiles please see our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-macsec-profile\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cb\u003e\u003c/b\u003e"
            }
          ],
          "value": "The following conditions must be true to be vulnerable to this issue:\n\n  *  Your PA-7500 Series devices must be in an NGFW cluster. For more information regarding NGFW Clusters see our  documentation https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/ngfw-clustering/ngfw-clusters .\n\n\n  *  A MACsec policy must be configured and enabled for the NGFW cluster. For more information about MACsec profiles please see our  documentation https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-macsec-profile ."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was found during an internal security review."
        }
      ],
      "datePublic": "2025-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS\u00ae results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster.\u003cbr\u003eA user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.\u0026nbsp;\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS\u00ae results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster.\nA user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-158",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-158 Sniffing Network Traffic"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "PHYSICAL",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T17:03:21.617Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-2182"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePAN-OS 11.2 on PA-7500\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 11.2.8 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePAN-OS 11.1 on PA-7500\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e11.1.0 through 11.1.9\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 11.1.10 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2 on PA-7500\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1 on PA-7500\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS on devices other than PA-7500\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                    PAN-OS 11.2 on PA-7500\n\n                                    11.2.0 through 11.2.7\n                                    Upgrade to 11.2.8 or later.\n                                \n                                    PAN-OS 11.1 on PA-7500\n\n                                    11.1.0 through 11.1.9\n                                    Upgrade to 11.1.10 or later.\n                                PAN-OS 10.2 on PA-7500\nNo action needed.PAN-OS 10.1 on PA-7500\nNo action needed.PAN-OS on devices other than PA-7500\nNo action needed.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\nNo action needed."
        }
      ],
      "source": {
        "defect": [
          "PAN-284490"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-13T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK)",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known workarounds exist for this issue."
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "PAN-OS 11.2.7-h2",
        "PAN-OS 11.2.7-h1",
        "PAN-OS 11.2.7",
        "PAN-OS 11.2.6",
        "PAN-OS 11.2.5",
        "PAN-OS 11.2.4-h11",
        "PAN-OS 11.2.4-h10",
        "PAN-OS 11.2.4-h9",
        "PAN-OS 11.2.4-h8",
        "PAN-OS 11.2.4-h7",
        "PAN-OS 11.2.4-h6",
        "PAN-OS 11.2.4-h5",
        "PAN-OS 11.2.4-h4",
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.9",
        "PAN-OS 11.1.8",
        "PAN-OS 11.1.6-h14",
        "PAN-OS 11.1.6-h10",
        "PAN-OS 11.1.6-h7",
        "PAN-OS 11.1.6-h6",
        "PAN-OS 11.1.6-h4",
        "PAN-OS 11.1.6-h3",
        "PAN-OS 11.1.6-h2",
        "PAN-OS 11.1.6-h1",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h18",
        "PAN-OS 11.1.4-h17",
        "PAN-OS 11.1.4-h15",
        "PAN-OS 11.1.4-h13",
        "PAN-OS 11.1.4-h12",
        "PAN-OS 11.1.4-h11",
        "PAN-OS 11.1.4-h10",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h18",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-2182",
    "datePublished": "2025-08-13T17:03:21.617Z",
    "dateReserved": "2025-03-10T17:56:24.875Z",
    "dateUpdated": "2025-08-13T20:32:15.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1820

CVE-2025-2182 (GCVE-0-2025-2182)

Tags

Sightings

Nomenclature