Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets.
The flaw, tracked as CVE-2025-4619, affects multiple versions of PAN-OS running on PA-Series and VM-Series firewalls, as well as Prisma Access deployments.
The vulnerability enables unauthenticated attackers to trigger firewall reboots by sending malicious packets through the data plane.
More concerning is that repeated exploitation attempts can push the affected firewall into maintenance mode, effectively disrupting network security operations and leaving organizations vulnerable to potential attacks during the downtime.
According to Palo Alto Networks’ security advisory published on November 12, 2025, the issue specifically affects firewalls configured with URL proxy functionality or a decrypt policy.
Notably, the vulnerability can be exploited even when traffic doesn’t match explicit decrypt or no-decrypt policies, broadening the attack surface significantly for affected organizations running these standard configurations.
The flaw carries a CVSS score of 6.6 (Medium severity) under the CVSS 4.0 framework, with a base score of 8.7.
The vulnerability is classified as having a high product availability impact and low attack complexity.
It requires no user interaction or privileges, making it particularly dangerous for exposed systems accessible from the internet or untrusted networks.
Affected versions span multiple PAN-OS releases, including specific builds of PAN-OS 10.2, 11.1, and 11.2.
Organizations running PAN-OS 10.1, 11.2.5 or later, and the latest PAN-OS 12.1 versions remain unaffected by this security issue. Cloud NGFW deployments are also not vulnerable to this particular flaw.
Palo Alto Networks has emphasized that exploitation requires the firewall to have either a URL proxy or a decrypt policy configured, which are standard configurations in enterprise environments for content filtering and SSL inspection.
This requirement limits the scope but still affects a significant number of production deployments worldwide that rely on these security features.
The company has already taken proactive measures to protect Prisma Access customers, completing security upgrades for the vast majority of users.
Remaining customers facing scheduling conflicts or maintenance window issues will be promptly upgraded through the standard upgrade process to ensure comprehensive protection.
As of the advisory date, Palo Alto Networks reports no evidence of active malicious exploitation in the wild.
However, the company has classified the exploit maturity as “unreported” and assigned a moderate remediation urgency rating.
Organizations using affected PAN-OS versions should prioritize patching to the recommended fixed versions to prevent potential service disruptions.
For the PAN-OS 11.2 branch, upgrading to 11.2.2-h2, 11.2.3-h6, 11.2.4-h4, or 11.2.5 and later resolves the issue. PAN-OS 11.1 users should move to versions 11.1.2-h18 or later for protection.
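For teams triaging a fleet, the following added example (not code from Palo Alto Networks or the advisory) compares PAN-OS version strings against only the fixed builds named above. It assumes each hotfix threshold applies to its own maintenance line, returns "check-advisory" for any release the article gives no fixed build for, and uses constructed hostnames and versions.

```python
import re

# Fixed builds exactly as named in the article; nothing else is assumed.
# HOTFIX_FLOOR: {release: {maintenance: minimum hotfix number}}
HOTFIX_FLOOR = {"11.2": {2: 2, 3: 6, 4: 4}, "11.1": {2: 18}}
FIXED_FROM = {"11.2": 5}        # "11.2.5 and later" resolves the issue
UNAFFECTED = {"10.1"}           # article: PAN-OS 10.1 is not affected

_VERSION = re.compile(r"^(\d+\.\d+)\.(\d+)(?:-h(\d+))?$")


def check_build(version: str) -> str:
    """Return 'fixed', 'unaffected', 'below-fixed' or 'check-advisory'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "check-advisory"          # unparseable version string
    release, maint, hotfix = m.group(1), int(m.group(2)), int(m.group(3) or 0)
    if release in UNAFFECTED:
        return "unaffected"
    floors = HOTFIX_FLOOR.get(release)
    if floors is None:
        return "check-advisory"          # e.g. 10.2: no fixed build on the page
    if release in FIXED_FROM and maint >= FIXED_FROM[release]:
        return "fixed"
    if maint in floors:
        # A base build (no -hN suffix) counts as hotfix 0, so it is below the floor.
        return "fixed" if hotfix >= floors[maint] else "below-fixed"
    if maint < min(floors):
        return "below-fixed"             # older than every fixed build listed
    return "check-advisory"              # maintenance line the page does not list


def triage(inventory: dict) -> dict:
    """Map each hostname to the status of its PAN-OS version."""
    return {host: check_build(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "fw-edge-01": "11.2.4-h3",
        "fw-edge-02": "11.2.4-h4",
        "fw-dc-01": "11.1.2-h18",
        "fw-dc-02": "10.2.9",
        "fw-lab-01": "10.1.14",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A "below-fixed" result only matters operationally if the firewall also has a URL proxy or a decrypt policy configured, as described above.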
The disclosure highlights the ongoing security challenges facing network infrastructure devices and underscores the importance of maintaining current patch levels.
