Router CVE Weekly Digest — Week of Oct 6, 2025

Published October 6, 2025 · RouterCVE Weekly Digest

2 CVEs · 1 High · 1 Low

Affected Vendors

  • Palo Alto Networks — 2 CVEs (1 High, 1 Low)

This Week's Highlights

A quiet week in router security with just two new CVEs, both affecting Palo Alto Networks PAN-OS® software. While the volume is low, one vulnerability carries meaningful risk for organizations running Palo Alto firewalls in production.

Palo Alto Networks (2 CVEs)

CVE-2025-4615 (High, CVSS 7.2) is the more serious issue this week. An improper input neutralization flaw in the PAN-OS management web interface allows authenticated administrators to bypass system restrictions. This is a privilege escalation concern: if a lower-privileged admin account is compromised, or if an insider threat exists, an attacker could circumvent intended administrative boundaries. Action: Check your PAN-OS version against available patches and prioritize updates if you're running affected versions. Review admin access logs for unusual activity.

CVE-2025-4614 (Low, CVSS 2.7) is an information disclosure issue that exposes session tokens to authenticated administrators viewing the firewall web UI. While severity is low, token leakage can be a stepping stone in multi-stage attacks. This requires an authenticated actor, which limits immediate risk but is still worth noting in security reviews.

Recommendation: Both vulnerabilities require authentication, which reduces blast radius. However, if you manage Palo Alto firewalls, check Palo Alto's security advisory for patch availability and firmware update timelines this week.
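The "check your PAN-OS version against available patches" step above, as an added example that is not part of this digest or of any Palo Alto Networks tooling: it parses PAN-OS version strings in their `major.minor.maint[-hN]` form (the hotfix suffix is the part naive string comparison gets wrong) and triages a firewall inventory against a per-branch fixed-version table. The fixed versions and hostnames below are constructed placeholders, not the real fixed releases for CVE-2025-4615 or CVE-2025-4614; fill the table in from the vendor advisory before relying on the result.

```python
from __future__ import annotations
import re
from typing import Optional

# PLACEHOLDER table: first fixed release per PAN-OS release branch.
# These are NOT the actual fixed versions from the advisory; replace them.
FIXED_VERSIONS_PLACEHOLDER = {
    "10.1": "10.1.14-h9",
    "10.2": "10.2.10-h3",
    "11.1": "11.1.4-h7",
}

# Constructed sample inventory: hostname -> running PAN-OS version.
INVENTORY_CONSTRUCTED = {
    "fw-edge-01": "10.2.10-h3",
    "fw-edge-02": "10.2.9-h5",
    "fw-dc-01": "11.1.5",
    "fw-lab-01": "9.1.0",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos_version(version: str) -> tuple[int, int, int, int]:
    """Parse 'major.minor.maint[-hN]' into a comparable tuple; no hotfix -> 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))

def is_patched(version: str, fixed_versions: dict[str, str]) -> Optional[bool]:
    """True if version >= the fixed release for its branch, False if below it,
    None if the branch is not in the table (unsupported or not yet assessed)."""
    parsed = parse_panos_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = fixed_versions.get(branch)
    if fixed is None:
        return None
    return parsed >= parse_panos_version(fixed)

def triage(inventory: dict[str, str], fixed_versions: dict[str, str]) -> dict[str, str]:
    """Classify each firewall as 'patched', 'vulnerable' or 'unknown-branch'."""
    result = {}
    for host, version in inventory.items():
        status = is_patched(version, fixed_versions)
        result[host] = "patched" if status else ("unknown-branch" if status is None else "vulnerable")
    return result

if __name__ == "__main__":
    for host, status in triage(INVENTORY_CONSTRUCTED, FIXED_VERSIONS_PLACEHOLDER).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown-branch` run a release branch the table does not cover and still need a manual check against the advisory.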