nvd-json-data-feeds/CVE-2025/CVE-2025-01xx/CVE-2025-0126.json

{
  "id": "CVE-2025-0126",
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "published": "2025-04-11T02:15:18.970",
  "lastModified": "2025-04-11T15:39:52.920",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When configured using SAML, a session fixation vulnerability in the GlobalProtect\u2122 login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.\n\nThe SAML login for the PAN-OS\u00ae management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma\u00ae Access instances are proactively patched."
    },
    {
      "lang": "es",
      "value": "Cuando se configura con SAML, una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el inicio de sesi\u00f3n de GlobalProtect\u2122 permite a un atacante hacerse pasar por un usuario autorizado leg\u00edtimo y realizar acciones como ese usuario de GlobalProtect. Esto requiere que el usuario leg\u00edtimo primero haga clic en un enlace malicioso proporcionado por el atacante. El inicio de sesi\u00f3n SAML para la interfaz de administraci\u00f3n de PAN-OS\u00ae no se ver\u00e1 afectado. Adem\u00e1s, este problema no afecta a Cloud NGFW y todas las instancias de Prisma\u00ae Access reciben parches de forma proactiva."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "ACTIVE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NO",
          "Recovery": "USER",
          "valueDensity": "DIFFUSE",
          "vulnerabilityResponseEffort": "MODERATE",
          "providerUrgency": "AMBER"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://security.paloaltonetworks.com/CVE-2025-0126",
      "source": "psirt@paloaltonetworks.com"
    }
  ]
}