CVE-2025-0138 LOW

CVE-2025-0138: Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface

Vendor Palo Alto Networks
Product Prisma Cloud Compute Edition
Weakness CWE-613 · Insufficient session expiration
Published May 14, 2025
Last update June 23, 2025

CVSS base score

2.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01 Description

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.

Key dates

02 Disclosure timeline

May 14, 2025 CVE published
June 23, 2025 Record updated