CVE-2025-4231 HIGH

CVE-2025-4231: PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface

Vendor Palo Alto Networks
Product PAN-OS
Weakness CWE-77
Published June 12, 2025
Last update February 26, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Key dates

02Disclosure timeline

June 12, 2025 CVE published
February 26, 2026 Record updated