n information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
| Link | Resource |
|---|---|
| https://security.paloaltonetworks.com/CVE-2025-4614 | Vendor Advisory |
Configuration 1 (hide)
|
06 Feb 2026, 17:13
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:* |
22 Oct 2025, 17:52
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Paloaltonetworks
Paloaltonetworks pan-os |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
| References | () https://security.paloaltonetworks.com/CVE-2025-4614 - Vendor Advisory | |
| CPE | cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* |
09 Oct 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Published : 2025-10-09 19:15
Updated : 2026-02-06 17:13
NVD link : CVE-2025-4614
Mitre link : CVE-2025-4614
CVE.ORG link : CVE-2025-4614
JSON object : View
Exposure of Sensitive System Information to an Unauthorized Control Sphere