{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-4619","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","dateReserved":"2025-05-12T22:05:16.932Z","datePublished":"2025-11-13T20:24:19.208Z","dateUpdated":"2025-11-14T18:08:10.682Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Cloud NGFW","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"All","versionType":"custom"}]},{"cpes":["cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"PAN-OS","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"12.1.0","versionType":"custom"},{"changes":[{"at":"11.2.5","status":"unaffected"},{"at":"11.2.4-h4","status":"unaffected"},{"at":"11.2.3-h6","status":"unaffected"},{"at":"11.2.2-h2","status":"unaffected"}],"lessThan":"11.2.5","status":"affected","version":"11.2.0","versionType":"custom"},{"changes":[{"at":"11.1.7","status":"unaffected"},{"at":"11.1.6-h1","status":"unaffected"},{"at":"11.1.4-h13","status":"unaffected"},{"at":"11.1.4-h4","status":"affected"},{"at":"11.1.3-h2","status":"affected"},{"at":"11.1.2-h18","status":"unaffected"},{"at":"11.1.2-h9","status":"affected"}],"lessThan":"11.1.7","status":"affected","version":"11.1.0","versionType":"custom"},{"changes":[{"at":"10.2.14","status":"unaffected"},{"at":"10.2.13-h3","status":"unaffected"},{"at":"10.2.12-h6","status":"unaffected"},{"at":"10.2.11-h12","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.10-h2","status":"affected"},{"at":"10.2.9-h21","status":"unaffected"},{"at":"10.2.9-h6","status":"affected"},{"at":"10.2.8-h21","status":"unaffected"},{"at":"10.2.8-h10","status":"affected"},{"at":"10.2.7-h24","status":"unaffected"},{"at":"10.2.7-h11","status":"affected"},{"at":"10.2.4-h25","status":"affected"}],"lessThan":"10.2.14","status":"affected","version":"10.2.0","versionType":"custom"},{"status":"unaffected","version":"10.1.0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["PAN-OS"],"product":"Prisma Access","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"11.2.4-h4","status":"unaffected"},{"at":"10.2.10-h14","status":"unaffected"},{"at":"10.2.4-h25","status":"affected"}],"lessThan":"10.2.10-h14","status":"affected","version":"10.2.0","versionType":"custom"}]}],"configurations":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue is only applicable to firewalls where URL proxy or any decrypt-policy is configured.

When any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."}],"value":"This issue is only applicable to firewalls where URL proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.5","versionStartIncluding":"11.2.0","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.4-h4","versionStartIncluding":"11.2.4","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.3-h6","versionStartIncluding":"11.2.3","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.2-h2","versionStartIncluding":"11.2.2","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.7","versionStartIncluding":"11.1.0","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.6-h1","versionStartIncluding":"11.1.6","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.4-h13","versionStartIncluding":"11.1.4","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.4-h4","versionStartIncluding":"11.1.4","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.3-h2","versionStartIncluding":"11.1.3","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.2-h18","versionStartIncluding":"11.1.2","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.2-h9","versionStartIncluding":"11.1.2","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.14","versionStartIncluding":"10.2.0","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.13-h3","versionStartIncluding":"10.2.13","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.12-h6","versionStartIncluding":"10.2.12","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.11-h12","versionStartIncluding":"10.2.11","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.10-h14","versionStartIncluding":"10.2.10","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.10-h2","versionStartIncluding":"10.2.10","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.9-h21","versionStartIncluding":"10.2.9","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.9-h6","versionStartIncluding":"10.2.9","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.8-h21","versionStartIncluding":"10.2.8","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.8-h10","versionStartIncluding":"10.2.8","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.7-h24","versionStartIncluding":"10.2.7","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.7-h11","versionStartIncluding":"10.2.7","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*","versionEndExcluding":"11.2.4-h4","versionStartIncluding":"11.2.4","vulnerable":true},{"criteria":"cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*","versionEndExcluding":"10.2.10-h14","versionStartIncluding":"10.2.10","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"datePublic":"2025-11-12T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.

This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.

​​We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."}],"value":"A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.\n\n​​We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-129","descriptions":[{"lang":"en","value":"CAPEC-129: Pointer Manipulation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.6,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2025-11-14T13:48:54.807Z"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2025-4619"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
Version
Minor Version
Suggested Solution
Cloud NGFW
No action needed.
PAN-OS 12.1
No action needed.
PAN-OS 11.2
11.2.0 through 11.2.4Upgrade to 11.2.4-h4 or 11.2.5 or later.
11.2.0 through 11.2.3Upgrade to 11.2.3-h6 or 11.2.5 or later.
11.2.0 through 11.2.2Upgrade to 11.2.2-h2 or 11.2.5 or later.
PAN-OS 11.1
11.1.0 through 11.1.6Upgrade to 11.1.6-h1 or 11.1.7 or later.
11.1.0 through 11.1.4Upgrade to 11.1.4-h13 or 11.1.7 or later.
11.1.0 through 11.1.3Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.
11.1.0 through 11.1.2Upgrade to 11.1.2-h18 or 11.1.7 or later.
PAN-OS 10.2
10.2.0 through 10.2.13Upgrade to 10.2.13-h3 or 10.2.14 or later.
10.2.0 through 10.2.12Upgrade to 10.2.12-h6 or 10.2.14 or later.
10.2.0 through 10.2.11Upgrade to 10.2.11-h12 or 10.2.14 or later.
10.2.0 through 10.2.10Upgrade to 10.2.10-h14 or 10.2.14 or later.
10.2.0 through 10.2.9Upgrade to 10.2.9-h21 or 10.2.14 or later.
10.2.0 through 10.2.8Upgrade to 10.2.8-h21 or 10.2.14 or later.
10.2.0 through 10.2.7Upgrade to 10.2.7-h24 or 10.2.14 or later.
10.2.0 through 10.2.4Remain on a version older than 10.2.4-h25
PAN-OS 10.1
No action needed.
All older
unsupported
PAN-OS versions		 Upgrade to a supported fixed version.
 Prisma Access  on PAN-OS11.2.0 through 11.2.4Upgrade to 11.2.4-h4 or later

10.2.0 through 10.2.10Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.
10.2.0 through 10.2.4Remain on a version older than 10.2.4-h25.
"}],"value":"Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.1\nNo action needed.\n PAN-OS 11.2\n\n 11.2.0 through 11.2.4\n Upgrade to 11.2.4-h4 or 11.2.5 or later.\n \n \n 11.2.0 through 11.2.3\n Upgrade to 11.2.3-h6 or 11.2.5 or later.\n \n \n 11.2.0 through 11.2.2\n Upgrade to 11.2.2-h2 or 11.2.5 or later.\n \n PAN-OS 11.1\n\n 11.1.0 through 11.1.6\n Upgrade to 11.1.6-h1 or 11.1.7 or later.\n \n \n 11.1.0 through 11.1.4\n Upgrade to 11.1.4-h13 or 11.1.7 or later.\n \n \n 11.1.0 through 11.1.3\n Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\n \n \n 11.1.0 through 11.1.2\n Upgrade to 11.1.2-h18 or 11.1.7 or later.\n \n PAN-OS 10.2\n\n 10.2.0 through 10.2.13\n Upgrade to 10.2.13-h3 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.12\n Upgrade to 10.2.12-h6 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.11\n Upgrade to 10.2.11-h12 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.10\n Upgrade to 10.2.10-h14 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.9\n Upgrade to 10.2.9-h21 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.8\n Upgrade to 10.2.8-h21 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.7\n Upgrade to 10.2.7-h24 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.4\n Remain on a version older than 10.2.4-h25\n\n PAN-OS 10.1\nNo action needed.All older\nunsupported\nPAN-OS versions Upgrade to a supported fixed version. Prisma Access  on PAN-OS11.2.0 through 11.2.4Upgrade to 11.2.4-h4 or later\n \n\n 10.2.0 through 10.2.10\n Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.\n \n \n 10.2.0 through 10.2.4\n Remain on a version older than 10.2.4-h25."}],"source":{"defect":["PAN-247099"],"discovery":"USER"},"timeline":[{"lang":"en","time":"2025-11-12T17:00:00.000Z","value":"Initial publication"}],"title":"PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"No known workarounds exist for this issue."}],"value":"No known workarounds exist for this issue."}],"x_affectedList":["PAN-OS 11.2.4-h3","PAN-OS 11.2.4-h2","PAN-OS 11.2.4-h1","PAN-OS 11.2.4","PAN-OS 11.2.3-h5","PAN-OS 11.2.3-h4","PAN-OS 11.2.3-h3","PAN-OS 11.2.3-h2","PAN-OS 11.2.3-h1","PAN-OS 11.2.3","PAN-OS 11.2.2-h1","PAN-OS 11.2.2","PAN-OS 11.2.1-h1","PAN-OS 11.2.1","PAN-OS 11.2.0-h1","PAN-OS 11.2.0","PAN-OS 11.1.6","PAN-OS 11.1.5-h1","PAN-OS 11.1.5","PAN-OS 11.1.4-h12","PAN-OS 11.1.4-h11","PAN-OS 11.1.4-h10","PAN-OS 11.1.4-h9","PAN-OS 11.1.4-h8","PAN-OS 11.1.4-h7","PAN-OS 11.1.4-h6","PAN-OS 11.1.4-h5","PAN-OS 11.1.3-h13","PAN-OS 11.1.3-h12","PAN-OS 11.1.3-h11","PAN-OS 11.1.3-h10","PAN-OS 11.1.3-h9","PAN-OS 11.1.3-h8","PAN-OS 11.1.3-h7","PAN-OS 11.1.3-h6","PAN-OS 11.1.3-h5","PAN-OS 11.1.3-h4","PAN-OS 11.1.3-h3","PAN-OS 11.1.3-h2","PAN-OS 11.1.2-h17","PAN-OS 11.1.2-h16","PAN-OS 11.1.2-h15","PAN-OS 11.1.2-h14","PAN-OS 11.1.2-h13","PAN-OS 11.1.2-h12","PAN-OS 11.1.2-h11","PAN-OS 11.1.2-h10","PAN-OS 11.1.2-h9","PAN-OS 11.1.1-h2","PAN-OS 11.1.1-h1","PAN-OS 11.1.1","PAN-OS 11.1.0-h4","PAN-OS 11.1.0-h3","PAN-OS 11.1.0-h2","PAN-OS 11.1.0-h1","PAN-OS 11.1.0","PAN-OS 10.2.13-h2","PAN-OS 10.2.13-h1","PAN-OS 10.2.13","PAN-OS 10.2.12-h5","PAN-OS 10.2.12-h4","PAN-OS 10.2.12-h3","PAN-OS 10.2.12-h2","PAN-OS 10.2.12-h1","PAN-OS 10.2.12","PAN-OS 10.2.11-h11","PAN-OS 10.2.11-h10","PAN-OS 10.2.11-h9","PAN-OS 10.2.11-h8","PAN-OS 10.2.11-h7","PAN-OS 10.2.11-h6","PAN-OS 10.2.11-h5","PAN-OS 10.2.11-h4","PAN-OS 10.2.11-h3","PAN-OS 10.2.11-h2","PAN-OS 10.2.11-h1","PAN-OS 10.2.11","PAN-OS 10.2.10-h13","PAN-OS 10.2.10-h12","PAN-OS 10.2.10-h11","PAN-OS 10.2.10-h10","PAN-OS 10.2.10-h9","PAN-OS 10.2.10-h8","PAN-OS 10.2.10-h7","PAN-OS 10.2.10-h6","PAN-OS 10.2.10-h5","PAN-OS 10.2.10-h4","PAN-OS 10.2.10-h3","PAN-OS 10.2.10-h2","PAN-OS 10.2.9-h20","PAN-OS 10.2.9-h19","PAN-OS 10.2.9-h18","PAN-OS 10.2.9-h17","PAN-OS 10.2.9-h16","PAN-OS 10.2.9-h15","PAN-OS 10.2.9-h14","PAN-OS 10.2.9-h13","PAN-OS 10.2.9-h12","PAN-OS 10.2.9-h11","PAN-OS 10.2.9-h10","PAN-OS 10.2.9-h9","PAN-OS 10.2.9-h8","PAN-OS 10.2.9-h7","PAN-OS 10.2.9-h6","PAN-OS 10.2.8-h20","PAN-OS 10.2.8-h19","PAN-OS 10.2.8-h18","PAN-OS 10.2.8-h17","PAN-OS 10.2.8-h16","PAN-OS 10.2.8-h15","PAN-OS 10.2.8-h14","PAN-OS 10.2.8-h13","PAN-OS 10.2.8-h12","PAN-OS 10.2.8-h11","PAN-OS 10.2.8-h10","PAN-OS 10.2.7-h23","PAN-OS 10.2.7-h22","PAN-OS 10.2.7-h21","PAN-OS 10.2.7-h20","PAN-OS 10.2.7-h19","PAN-OS 10.2.7-h18","PAN-OS 10.2.7-h17","PAN-OS 10.2.7-h16","PAN-OS 10.2.7-h15","PAN-OS 10.2.7-h14","PAN-OS 10.2.7-h13","PAN-OS 10.2.7-h12","PAN-OS 10.2.7-h11","PAN-OS 10.2.6-h6","PAN-OS 10.2.6-h5","PAN-OS 10.2.6-h4","PAN-OS 10.2.6-h3","PAN-OS 10.2.6-h2","PAN-OS 10.2.6-h1","PAN-OS 10.2.6","PAN-OS 10.2.5-h9","PAN-OS 10.2.5-h8","PAN-OS 10.2.5-h7","PAN-OS 10.2.5-h6","PAN-OS 10.2.5-h5","PAN-OS 10.2.5-h4","PAN-OS 10.2.5-h3","PAN-OS 10.2.5-h2","PAN-OS 10.2.5-h1","PAN-OS 10.2.5","PAN-OS 10.2.4-h32","PAN-OS 10.2.4-h31","PAN-OS 10.2.4-h30","PAN-OS 10.2.4-h29","PAN-OS 10.2.4-h28","PAN-OS 10.2.4-h27","PAN-OS 10.2.4-h26","PAN-OS 10.2.4-h25","PAN-OS 10.2.3-h14","PAN-OS 10.2.3-h13","PAN-OS 10.2.3-h12","PAN-OS 10.2.3-h11","PAN-OS 10.2.3-h10","PAN-OS 10.2.3-h9","PAN-OS 10.2.3-h8","PAN-OS 10.2.3-h7","PAN-OS 10.2.3-h6","PAN-OS 10.2.3-h5","PAN-OS 10.2.3-h4","PAN-OS 10.2.3-h3","PAN-OS 10.2.3-h2","PAN-OS 10.2.3-h1","PAN-OS 10.2.3","PAN-OS 10.2.2-h6","PAN-OS 10.2.2-h5","PAN-OS 10.2.2-h4","PAN-OS 10.2.2-h3","PAN-OS 10.2.2-h2","PAN-OS 10.2.2-h1","PAN-OS 10.2.2","PAN-OS 10.2.1-h3","PAN-OS 10.2.1-h2","PAN-OS 10.2.1-h1","PAN-OS 10.2.1","PAN-OS 10.2.0-h4","PAN-OS 10.2.0-h3","PAN-OS 10.2.0-h2","PAN-OS 10.2.0-h1","PAN-OS 10.2.0"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-14T18:08:04.676466Z","id":"CVE-2025-4619","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-14T18:08:10.682Z"}}]}}