This new vulnerability brings to mind an almost identical Palo Alto Networks DoS issue from late 2024, CVE-2024-3393, that also put affected firewalls into maintenance mode. On that occasion, attackers discovered the issue before patches appeared, making it a zero-day vulnerability.
More recently, in December, threat intelligence company GreyNoise noticed an uptick in automated login attempts targeting both GlobalProtect and Cisco VPNs, while earlier in 2025, PAN-OS was affected by a serious zero-day flaw, CVE-2025-0108, that allowed attackers to bypass login authentication.
“According to Palo Alto Networks’ security advisories, the company has reported nearly 500 vulnerabilities to date, many of which affected PAN-OS. A significant minority related to DoS issues,” a spokesperson for threat intelligence company Flashpoint noted. “[But] a notable portion of Palo Alto disclosures historically didn’t receive CVE identifiers, particularly older PAN-OS issues, which can complicate longitudinal comparison across vendors.”
Who’s affected?
The good news is that most customers using the company’s cloud-delivered Secure Access Service Edge (SASE) platform, Prisma Access, have already been patched.
“We have successfully completed the Prisma Access upgrade for most of the customers, aside from a few in progress due to conflicting upgrade schedules. Remaining customers are being promptly scheduled for an upgrade through our standard upgrade process,” said the advisory.
That leaves a not inconsiderable number of PAN-OS NGFW customers using the GlobalProtect gateway or portal who will need to apply the patch themselves. Although Palo Alto said there are no known workarounds, to mitigate the issue, it may be possible to temporarily disable the VPN interface at the cost of losing remote access until patching is complete.
