[Palo Alto Networks Security Advisories] CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burstof Crafted Packets

Palo Alto Networks Security Advisories /CVE-2025-0122

CVE-2025-0122 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device.

Product Status

We do not plan to fix this issue in Prisma SD-WAN 6.2. If you are using Prisma SD-WAN 6.2, we recommend that you upgrade to Prisma SD-WAN 6.3.4, Prisma SD-WAN 6.4.2, or Prisma SD-WAN 6.5.1.

Required Configuration for Exposure

No special configuration is needed to be vulnerable to this issue.

Severity:MEDIUM, Suggested Urgency:MODERATE

CVSS-BT:4.9 /CVSS-B:7.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:A/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-770 Allocation of Resources Without Limits or Throttling

CAPEC-482 TCP Flood

Solution

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Timeline