How severe is CVE-2025-0137?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-0137?

This is classified as CWE-83, which is a common weakness in software security.

CVE-2025-0137 - MEDIUM Severity | CVSS N/A

Vulnerability Description

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

Related Vulnerabilities

CVE-2023-37908

CRITICAL

CVSS:9.6(Critical)

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, all...

CWE-832023

CVE-2024-26283

HIGH

CVSS:7.8(High)

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < ...

CWE-832024

CVE-2023-30958

MEDIUM

CVSS:6.1(Medium)

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundr...

CWE-832023

CVE-2023-32070

MEDIUM

CVSS:6.1(Medium)

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attrib...

CWE-832023

CVE-2024-9103

MEDIUM

CVSS:6.1(Medium)

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.

CWE-832024

CVE-2022-39262

MEDIUM

CVSS:4.8(Medium)

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The dis...

CWE-832022