A newly disclosed vulnerability in Palo Alto Networks PAN-OS software allows remote attackers to force firewalls to reboot simply by sending a malicious packet. The company confirmed the issue and warned that the flaw could disrupt network operations for organisations using its security systems.
The vulnerability is tracked as CVE-2025-4619 and is linked to improper handling of unusual or exceptional conditions in the PAN-OS dataplane. It does not require authentication, credentials or any user interaction. If exploited, the crafted packet can trigger an unexpected reboot of the firewall.
Security teams are especially concerned because repeated attack attempts can push affected devices into maintenance mode. This can severely interrupt network availability and leave organisations exposed while firewalls remain offline.
The company rated the vulnerability as medium severity with moderate urgency, giving it a CVSS 4.0 score of 6.6. However, the CVSS-B score is higher at 8.7 due to the potential business impact and the fact that the attack is network-based with low complexity. The flaw directly affects product availability, making it a serious operational risk.
The issue affects PA-Series firewalls, VM-Series firewalls and Prisma Access deployments running certain versions of PAN-OS. Cloud NGFW is not affected. Vulnerable versions include PAN-OS 10.2 through 10.2.13, 11.1 through 11.1.6 and 11.2 through 11.2.4. PAN-OS 12.1 and 10.1 remain unaffected.
Exploitation depends on specific firewall configurations. The device must have a URL proxy or a decrypt policy enabled. Even systems with explicit no-decrypt policies may still be at risk.
Palo Alto Networks advised users to upgrade to the patched releases. PAN-OS 11.2 users should update to 11.2.5 or later. PAN-OS 11.1 users should move to 11.1.7. Those on PAN-OS 10.2 are urged to install version 10.2.14 or follow the recommended urgency based on their current build. There are no workarounds available at this time.
Palo Alto Networks said it has not seen any active exploitation in the wild. Administrators are urged to prioritise updates due to the simplicity of the attack and the potential impact on critical network infrastructure.
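For teams triaging a fleet, the version ranges and configuration preconditions above can be turned into a quick inventory check. The following is an added example, not code from Palo Alto Networks or from this article; the status names, flag names and sample inventory are constructed for illustration, and hotfix suffixes are conservatively ignored because the article lists no hotfix-level fixes.

```python
import re

# Fixed maintenance release per affected train, as stated in the article.
FIXED = {(10, 2): 14, (11, 1): 7, (11, 2): 5}
UNAFFECTED = {(10, 1), (12, 1)}  # trains the article lists as unaffected
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-h(\d+))?$")

# Constructed sample inventory; hostnames and flag names are hypothetical.
INVENTORY = [
    {"host": "fw-edge-01", "version": "10.2.13-h3", "decrypt_policy": True},
    {"host": "fw-dc-02", "version": "11.1.7"},
    {"host": "fw-lab-03", "version": "11.2.4", "no_decrypt_policy": True},
    {"host": "fw-old-04", "version": "10.1.14"},
    {"host": "fw-br-05", "version": "11.2.3"},
]


def triage(version, url_proxy=False, decrypt_policy=False, no_decrypt_policy=False):
    """Return (status, upgrade_target) for one firewall."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return ("UNPARSEABLE", None)
    train = (int(m.group(1)), int(m.group(2)))
    maint = int(m.group(3) or 0)
    if train in UNAFFECTED:
        return ("NOT_AFFECTED", None)
    if train not in FIXED:
        return ("UNKNOWN_TRAIN", None)  # the article does not cover this train
    if maint >= FIXED[train]:
        return ("PATCHED", None)
    target = f"{train[0]}.{train[1]}.{FIXED[train]}"
    # Assumption: the -hN hotfix suffix is ignored, because the article lists no
    # hotfix-level fixes; any build below the fixed release counts as vulnerable.
    if url_proxy or decrypt_policy or no_decrypt_policy:
        return ("EXPOSED", target)  # vulnerable version and a precondition is met
    return ("VULNERABLE_VERSION_ONLY", target)


def report(inventory):
    """Map each host to its (status, upgrade_target) pair."""
    result = {}
    for fw in inventory:
        flags = {k: v for k, v in fw.items() if k not in ("host", "version")}
        result[fw["host"]] = triage(fw["version"], **flags)
    return result


if __name__ == "__main__":
    for host, (status, target) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f" -> upgrade to {target} or later" if target else ""))
```

Devices reported as `VULNERABLE_VERSION_ONLY` still need the upgrade; the status only means that none of the configuration preconditions were recorded for that host in the inventory.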