Full Report
Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets. The flaw, tracked as CVE-2025-4619, affects multiple versions of PAN-OS running on PA-Series and VM-Series firewalls, as well as Prisma Access deployments. The vulnerability enables unauthenticated attackers to trigger […]
Analysis Summary
# Vulnerability: PAN-OS Denial-of-Service via Malicious Packets Causing Firewall Reboots
## CVE Details
- CVE ID: CVE-2025-4619
- CVSS Score: 8.7 (High, per CVSS 4.0 base score) / 6.6 (Medium, per CVSS 4.0 overall score)
- CWE: Not specified in the text.
## Affected Systems
- Products: PAN-OS running on PA-Series Firewalls, VM-Series Firewalls, and Prisma Access deployments.
- Versions: Specific builds of PAN-OS 10.2, 11.1, and 11.2 (Note: Versions 10.1, 11.2.5 and later, and PAN-OS 12.1 are *unaffected*).
- Configurations: Firewalls configured with URL proxy functionality or a decrypt policy. Exploitation is possible even if traffic does not match explicit decrypt/no-decrypt policies. Cloud NGFW deployments are *not* vulnerable.
## Vulnerability Description
This is a Denial-of-Service (DoS) vulnerability in the PAN-OS software. An unauthenticated attacker can exploit this flaw by sending specially crafted network packets through the data plane to force affected firewalls into unexpected reboots. Repeated exploitation attempts may cause the firewall to enter maintenance mode, significantly disrupting security operations.
## Exploitation
- Status: No evidence of active malicious exploitation in the wild reported (Exploit maturity: unreported). PoC availability is not specified.
- Complexity: Low (Requires no user interaction or privileges).
- Attack Vector: Network (Data plane access required).
## Impact
- Confidentiality: Low (No specific disclosure mentioned, focus is on availability)
- Integrity: Low (No specific integrity impact mentioned, focus is on availability)
- Availability: High (Can force firewall reboots or place the device into maintenance mode, leading to service disruption).
## Remediation
### Patches
Users must upgrade to fixed versions:
- **PAN-OS 11.2 Branch:** Upgrade to 11.2.2-h2, 11.2.3-h6, 11.2.4-h4, or 11.2.5 and later.
- **PAN-OS 11.1 Branch:** Upgrade to 11.1.2-h18 or later.
- **PAN-OS 10.2 Branch:** Upgrade instructions should be checked via the vendor advisory.
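
An added example (not from the vendor advisory or the original article) that triages an inventory of PAN-OS version strings against the fixed builds listed above. It decides only the 11.2 branch, where the list names a fixed hotfix per maintenance release, and returns `check-advisory` for everything it cannot decide from this page; the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# From the Patches list above: 11.2 maintenance release -> first fixed hotfix.
FIXED_11_2_HOTFIX = {2: 2, 3: 6, 4: 4}
FIRST_FIXED_11_2_MAINT = 5            # "11.2.5 and later"
UNAFFECTED_BRANCHES = {(10, 1), (12, 1)}

# Matches e.g. "11.2.3" or "11.2.3-h6"; any other suffix is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 if absent."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def triage(version):
    """Classify one version string for CVE-2025-4619 patch status."""
    major, minor, maint, hotfix = parse_panos_version(version)
    if (major, minor) in UNAFFECTED_BRANCHES:
        return "unaffected"
    if (major, minor) != (11, 2):
        return "check-advisory"       # e.g. 10.2 / 11.1: not decidable from this page
    if maint >= FIRST_FIXED_11_2_MAINT:
        return "fixed"
    first_fixed = FIXED_11_2_HOTFIX.get(maint)
    if first_fixed is None:
        return "check-advisory"       # no fixed hotfix listed for this release
    return "fixed" if hotfix >= first_fixed else "below-fixed-build"


def triage_inventory(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "fw-edge-01": "11.2.3-h5", "fw-edge-02": "11.2.3-h6",
    "fw-dc-01": "11.2.4", "fw-dc-02": "11.2.6",
    "fw-lab-01": "10.2.9-h1", "fw-lab-02": "10.1.14",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A `below-fixed-build` result means the build is older than the fixed hotfix listed for its maintenance release; whether that exact build is affected still depends on the vendor advisory and on the URL proxy or decrypt policy configuration.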
### Workarounds
- Ensure the firewall is *not* configured with URL proxy functionality or a decrypt policy (Note: This significantly limits the firewall's functionality).
- Palo Alto Networks proactively upgraded the vast majority of Prisma Access customers.
## Detection
- Indicators of Compromise: Unexpected firewall reboots, devices entering maintenance mode.
- Detection methods and tools: Monitor data plane traffic for suspicious, malformed packet sequences targeting systems configured with URL proxy or decrypt policies.
## References
- Vendor Advisories: https://security.paloaltonetworks.com/CVE-2025-4619
- General Information: https://gbhackers.com/palo-alto-pan-os-flaw/