VTA-004511 – Palo Alto Networks PAN-OS Vulnerability (CVE-2025-0128) Enables DoS Attacks, Posing High Availability Risks

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2025-0128, lets an unauthenticated attacker reboot a firewall by sending it a maliciously crafted packet; repeating the attack keeps the firewall in a reboot loop until it drops into maintenance mode. The flaw lies in the handling of Simple Certificate Enrollment Protocol (SCEP) authentication. A firewall in maintenance mode no longer passes traffic, so every service that depends on it loses connectivity until an administrator intervenes. Palo Alto Networks reports no known malicious exploitation at the time of publication; the issue is rated medium because its impact is limited to availability, but that impact is total for the affected device.

Affected releases: PAN-OS 11.2 before 11.2.3, PAN-OS 11.1 before 11.1.5, and PAN-OS 10.2 before 10.2.11. Prisma Access is affected on builds earlier than 10.2.4-h36, 10.2.10-h16 and 11.2.4-h5. Palo Alto Networks recommends upgrading to 11.2.3, 11.1.5 or 10.2.11, or a later release in the same train; note that a hotfix build such as 10.2.10-hN still sorts below 10.2.11 and remains affected on a firewall. Where an upgrade cannot be scheduled immediately, disabling SCEP authentication via the CLI removes the vulnerable code path until the upgrade is applied. This is a workaround rather than a fix, and any workflow that depends on SCEP authentication will be unavailable while it is off.

Palo Alto Networks classifies the severity as medium. The CVSS v4.0 base score is 8.7; the threat-adjusted score of 6.6 is lower only because no exploitation has been observed, so it will rise if an exploit appears. The attack needs nothing beyond network reachability: no authentication, no user interaction and no special preconditions, and it can be automated. Administrators should patch firewalls exposed to untrusted networks first, since a single remote attacker can hold such a device in a reboot loop and take its whole network segment offline.

Severity:

Medium

Attack Surface:
Infrastructure

Tactics:
Execution, Impact

Techniques:
T1499 – Endpoint Denial of Service
T1190 – Exploit Public-Facing Application

References:
1. https://security.paloaltonetworks.com/CVE-2025-0128

SuperPRO’s Threat Countermeasures Procedures:
1. Upgrade affected firewalls to PAN-OS 11.2.3, 11.1.5 or 10.2.11 (or a later release in the same train) and confirm the running version afterwards with `show system info`.
2. If an immediate upgrade is not possible, disable SCEP authentication via the CLI as a temporary workaround, and track the change so it is reverted once the fixed release is installed.
3. Prisma Access tenants require no action for this issue: Palo Alto Networks reports that Prisma Access has been protected since March 21, 2025. Confirm with the vendor that your tenant is on one of the protected builds.
4. Prioritize firewalls exposed to untrusted networks or protecting critical environments, where a forced reboot loop causes the widest outage.
5. Maintain an inventory of PAN-OS versions per device, test upgrades in a maintenance window, and monitor for unexpected reboots or transitions into maintenance mode, which would be the visible symptom of exploitation.
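The following triage helper is an added example written for this summary, not code from Palo Alto Networks. It parses PAN-OS version strings, including -hN hotfix suffixes, and compares them against the fixed releases listed above for the 11.2, 11.1 and 10.2 trains, either from a bare version string or from the sw-version element of a `show system info` XML API response. The sample response is constructed for the example; trains this page does not list (for example 10.1 or 11.0) are reported as "unlisted" rather than assumed safe, and Prisma Access builds, which are fixed at the hotfix builds named above, are out of scope.

```python
"""Triage helper for CVE-2025-0128 (PAN-OS SCEP DoS).

Added example, not Palo Alto Networks code. The fixed-version thresholds are
the ones given in this advisory summary; the sample "show system info" XML is
constructed, with element names following the PAN-OS XML API response shape.
"""
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple

# Lowest fixed release per PAN-OS train, per this advisory summary.
FIXED_VERSIONS = {
    "11.2": "11.2.3",
    "11.1": "11.1.5",
    "10.2": "10.2.11",
}

# major.minor.maint with an optional -hN hotfix suffix, e.g. 10.2.10-h16
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanosVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 when the build carries no -hN suffix

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"

    @classmethod
    def parse(cls, text: str) -> "PanosVersion":
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
        major, minor, maint, hotfix = m.groups()
        return cls(int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version_text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for a firewall version.

    Tuple ordering makes hotfix-aware comparison correct:
    10.2.10 < 10.2.10-h16 < 10.2.11, so a 10.2.10 hotfix is still vulnerable.
    """
    v = PanosVersion.parse(version_text)
    fixed = FIXED_VERSIONS.get(v.train)
    if fixed is None:
        # Trains not listed here are not asserted safe; check the vendor advisory.
        return "unlisted"
    return "vulnerable" if v < PanosVersion.parse(fixed) else "fixed"


def assess_show_system_info(xml_text: str) -> str:
    """Extract <sw-version> from a 'show system info' XML API response and assess it."""
    root = ET.fromstring(xml_text)
    node = root.find("./result/system/sw-version")
    if node is None or not node.text:
        raise ValueError("sw-version element missing from response")
    return assess(node.text)


# Constructed sample response (assumed shape of the XML API 'show system info' output).
SAMPLE_RESPONSE = """<response status="success"><result><system>
<hostname>fw-edge-01</hostname>
<model>PA-440</model>
<sw-version>11.1.4-h7</sw-version>
</system></result></response>"""


if __name__ == "__main__":
    for ver in ["11.2.2", "11.2.3", "11.1.4-h7", "10.2.10-h3", "10.2.11", "11.0.4"]:
        print(f"{ver:>12}: {assess(ver)}")
    print("sample device:", assess_show_system_info(SAMPLE_RESPONSE))
```

Feed it the sw-version values from your firewall inventory (or the XML returned by the `show system info` operational command over the XML API) and treat every "vulnerable" result as a patch-or-workaround item; "unlisted" means this summary gives no threshold for that train, not that it is safe.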

Contributed by: Eddie