Palo Alto Networks Issues Multiple Security Updates Across Product Line

June 12, 2025 — Palo Alto Networks has released seven new security advisories detailing critical and medium-severity vulnerabilities affecting several of its core products, including GlobalProtect, PAN-OS, Prisma Access, and Cortex XDR.

High-Severity: GlobalProtect for macOS – CVE-2025-4232

The most severe of the disclosed vulnerabilities is an improper wildcard neutralization flaw in GlobalProtect for macOS. Tracked as CVE-2025-4232, this vulnerability affects the application’s log collection feature and could allow an authenticated attacker to escalate privileges to root via code injection.

Chrome Fixes and Prisma Access Exposure

In conjunction with internal updates, Palo Alto Networks also implemented 11 recent Chrome-related security fixes, including a patch for CVE-2025-4233, a cache vulnerability affecting the Prisma Access Browser.

Command Injection Vulnerabilities in PAN-OS

Two additional command injection flaws were identified in PAN-OS:

  • CVE-2025-4231: Exploitable through the management web interface by an authenticated administrator with network access, allowing command execution as root.

  • CVE-2025-4230: Exploitable via CLI by administrators with elevated access. This bug permits bypassing system restrictions to run arbitrary commands as root. Restricting CLI access is recommended to reduce the impact.

Other Notable Fixes

  • SD-WAN Packet Interception: A PAN-OS defect could allow interception of unencrypted traffic over SD-WAN.

  • Cortex XDR Broker VM Privilege Escalation: An incorrect privilege assignment issue allows attackers to escalate privileges to root.

  • GlobalProtect for Windows/macOS – Endpoint Traffic Policy Enforcement: Improper access controls could result in unencrypted packets being sent on the network, enabling attackers with physical access to inject rogue devices and intercept traffic.

No Active Exploits Observed

Palo Alto Networks confirms that, to date, none of these vulnerabilities are known to be exploited in the wild. Customers are strongly encouraged to review and apply the relevant patches as detailed in the vendor's official Security Advisories.