PAN-OS Command Injection Flaw Lets Hackers Execute Arbitrary Code Remotely

Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-0127) in its PAN-OS software, enabling authenticated administrators on VM-Series firewalls to execute arbitrary commands with root privileges.

The flaw, discovered internally, affects specific legacy PAN-OS versions and requires immediate patching for impacted users. No active exploitation has been reported yet.

Key Details of the Vulnerability

Summary of the Vulnerability in Table

Aspect               Details
Vulnerability        Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series
CVE ID               CVE-2025-0127
Severity             Medium (CVSS-BT Score: 4.0 / CVSS-B Score: 7.1)
Discovery            Internally discovered by Palo Alto Networks
Impact               Enables authenticated administrators to bypass restrictions and execute arbitrary root commands
Affected Products    PAN-OS on VM-Series firewalls running legacy versions:
                     – PAN-OS 10.1 (<10.1.14-h13)
                     – PAN-OS 10.2 (<10.2.9)
                     – PAN-OS 11.0 (<11.0.4)
Unaffected Products  – Cloud NGFW
                     – Prisma Access
                     – PAN-OS on physical firewalls

The vulnerability stems from improper neutralization of input used in operating-system commands (CWE-78, OS command injection), allowing administrators with high privileges to bypass the intended restrictions and inject commands of their choosing.

Attackers could exploit this to compromise confidentiality, integrity, and availability of the firewall system.

Urgency and Mitigation

While the urgency level is marked “Moderate”, Palo Alto Networks emphasizes that organizations using older VM-Series deployments should prioritize updates:

  • Patches Available:
    • PAN-OS 10.1: Upgrade to 10.1.14-h13
    • PAN-OS 10.2: Upgrade to 10.2.9
    • PAN-OS 11.0: Upgrade to 11.0.4 (Note: PAN-OS 11.0 is now end-of-life; migrate to newer versions).
  • No Workarounds: Direct updates are the only solution.

“This flaw underscores the critical need for organizations to maintain updated systems, especially for legacy deployments,” said a Palo Alto Networks spokesperson.

  • Exploit Complexity: Low (attacks require local access and admin credentials).
  • Impact: Successful exploitation grants root access, enabling full system control.
  • End-of-Life Systems: PAN-OS 11.0, 10.0, 9.1, and earlier versions are unsupported and presumed vulnerable.

Despite the high potential impact, the value of individual targets is diffuse and attacks are not automated, which limits the risk of widespread exploitation. Unpatched systems nevertheless remain attractive to advanced threat actors.

Recommendations for Organizations

  1. Identify VM-Series Deployments: Confirm if firewalls run affected PAN-OS versions.
  2. Apply Patches Immediately: Follow upgrade guidance for PAN-OS 10.1, 10.2, and 11.0.
  3. Migrate from EoL Versions: Transition to supported PAN-OS releases (11.1 or 11.2).
  4. Monitor Access Logs: Audit admin activities for unusual command executions.
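Steps 1 to 3 above amount to comparing each VM-Series firewall's PAN-OS version against the fixed releases listed in the advisory. The script below is an added example, not code from the article or from Palo Alto Networks; it parses PAN-OS version strings (including the -hN hotfix suffix, which a naive string comparison gets wrong) and classifies a constructed inventory. The inventory entries, hostnames and the platform label "VM-Series" are assumptions for the example; the version thresholds and end-of-life branches come from the article.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases from the advisory: on a VM-Series firewall, anything
# below these is affected by CVE-2025-0127.
FIXED_RELEASES = {
    (10, 1): "10.1.14-h13",
    (10, 2): "10.2.9",
    (11, 0): "11.0.4",
}

# Branches the article lists as end-of-life (11.0, 10.0, 9.1 "and earlier").
EOL_BRANCHES = {(11, 0), (10, 0), (9, 1)}

# major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '10.1.14-h13' into the comparable tuple (10, 1, 14, 13).

    A release without a hotfix suffix gets hotfix 0, so that
    10.1.14 < 10.1.14-h13 < 10.1.15, which plain string comparison breaks.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str, platform: str) -> str:
    """Classify one firewall against the advisory.

    Returns one of:
      not_affected            - not a VM-Series firewall (physical, Cloud NGFW, Prisma Access)
      affected                - VM-Series on a listed branch below the fixed release
      patched                 - VM-Series at or above the fixed release
      patched_but_eol         - fixed release installed but the branch is end-of-life (migrate)
      eol_presumed_vulnerable - VM-Series on an unsupported branch with no fix
      not_listed              - VM-Series on a branch the advisory does not name (e.g. 11.1, 11.2)
    """
    if platform.strip().lower() != "vm-series":
        return "not_affected"
    v = parse_panos_version(version)
    branch = v[:2]
    if branch in FIXED_RELEASES:
        if v < parse_panos_version(FIXED_RELEASES[branch]):
            return "affected"
        return "patched_but_eol" if branch in EOL_BRANCHES else "patched"
    if branch in EOL_BRANCHES or branch < (9, 1):
        return "eol_presumed_vulnerable"
    return "not_listed"


def triage(inventory: List[Dict[str, str]]) -> Dict[str, str]:
    """Map each hostname in an inventory to its assessment."""
    return {fw["hostname"]: assess(fw["version"], fw["platform"]) for fw in inventory}


# Constructed sample inventory (hostnames, platforms and versions are made up).
SAMPLE_INVENTORY = [
    {"hostname": "vmfw-01", "platform": "VM-Series", "version": "10.1.14-h12"},
    {"hostname": "vmfw-02", "platform": "VM-Series", "version": "10.1.14-h13"},
    {"hostname": "vmfw-03", "platform": "VM-Series", "version": "10.2.8"},
    {"hostname": "vmfw-04", "platform": "VM-Series", "version": "11.0.4"},
    {"hostname": "vmfw-05", "platform": "VM-Series", "version": "10.0.12"},
    {"hostname": "vmfw-06", "platform": "VM-Series", "version": "11.1.2"},
    {"hostname": "pa-dc-01", "platform": "PA-5450", "version": "10.1.9"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

The hotfix handling matters here: 10.1.14 without the -h13 suffix is still below the fixed release, and a naive string comparison would also rank "10.1.9" above "10.1.14". Hosts reported as "affected" need the listed upgrade; "patched_but_eol" and "eol_presumed_vulnerable" hosts should be migrated to a supported release as the article recommends.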

CVE-2025-0127 highlights persistent risks in legacy network infrastructure.

While no exploits are currently reported, the combination of high privileges and command injection capabilities makes this flaw a priority for VM-Series users.

Proactive patching and adherence to software lifecycle policies are critical to mitigating such threats.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
