PatchSiren cyber security CVE debrief
CVE-2025-0116 Palo Alto Networks CVE debrief
A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition cause the firewall to enter maintenance mode.
- Vendor: Palo Alto Networks
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-22
- Original CVE updated: 2025-06-10
- Advisory published: 2024-11-22
- Advisory updated: 2025-06-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW in industrial control system (ICS) or operational technology (OT) environments. Network administrators responsible for firewall availability and uptime in critical infrastructure sectors. Security teams monitoring for denial-of-service conditions in segmented network environments where LLDP is utilized for network discovery and management.
Technical summary
CVE-2025-0116 is a medium-severity (CVSS 5.7) Denial of Service vulnerability in Palo Alto Networks PAN-OS software. The vulnerability can be triggered by an unauthenticated adjacent attacker sending a specially crafted LLDP (Link Layer Discovery Protocol) frame to the firewall. Successful exploitation causes unexpected firewall reboots; repeated attempts can force the device into maintenance mode, resulting in extended service disruption. The attack requires adjacent network access and user interaction, with low attack complexity. The vulnerability affects Siemens RUGGEDCOM APE1808 devices incorporating Palo Alto Networks Virtual NGFW. A vendor fix is available requiring upgrade to Virtual NGFW V11.1.8.
Defensive priority
medium
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version V11.1.8. Contact customer support to receive patch and update information.
- Apply network segmentation to limit LLDP traffic exposure to trusted adjacent devices only.
- Monitor for unexpected firewall reboots and maintenance mode entries as potential indicators of exploitation attempts.
- Review and implement CISA ICS recommended practices for industrial control systems defense in depth.
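One way to implement the reboot and maintenance-mode monitoring recommended above, as an added example that is not part of the advisory or any vendor tooling. The log line format, host names and the `startup complete` / `maintenance mode` marker strings are constructed assumptions; replace the patterns with whatever your syslog or SNMP feed actually emits.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "<ISO time> <host> <message>" format.
# These are NOT real PAN-OS log messages; adapt the patterns to your own feed.
SAMPLE_LOG = """\
2025-06-10T08:00:05 fw-ot-01 system startup complete
2025-06-10T08:14:40 fw-ot-01 system startup complete
2025-06-10T08:29:12 fw-ot-01 system startup complete
2025-06-10T08:31:50 fw-ot-01 entered maintenance mode
2025-06-10T09:00:00 fw-ot-02 system startup complete
2025-06-11T09:00:00 fw-ot-02 system startup complete
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
BOOT = re.compile(r"startup complete", re.I)    # assumed boot marker
MAINT = re.compile(r"maintenance mode", re.I)   # assumed maintenance marker


def find_reboot_loops(text, threshold=3, window=timedelta(hours=1)):
    """Return (host, kind, timestamp) alerts for boot bursts and maintenance mode."""
    recent = defaultdict(deque)   # host -> boot timestamps still inside the window
    alerts = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue              # skip lines without a parseable timestamp
        host, msg = m.group(2), m.group(3)
        if MAINT.search(msg):
            alerts.append((host, "maintenance_mode", ts))
        elif BOOT.search(msg):
            boots = recent[host]
            boots.append(ts)
            while ts - boots[0] > window:
                boots.popleft()   # drop boots that fell out of the window
            if len(boots) >= threshold:
                alerts.append((host, "reboot_burst", ts))
    return alerts


if __name__ == "__main__":
    for host, kind, ts in find_reboot_loops(SAMPLE_LOG):
        print(f"{ts.isoformat()} {host} {kind}")
```

A single scheduled reboot stays below the threshold; a burst of boots on one device followed by maintenance mode is the pattern the advisory describes for repeated triggering.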
Evidence notes
The vulnerability was disclosed on 2024-11-22 via CISA ICS Advisory ICSA-24-338-02, with the advisory subsequently updated on 2025-04-08 to add CVE-2025-0116 and update remediation guidance for Siemens RUGGEDCOM APE1808 devices. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) indicates an adjacent network attack vector with low attack complexity, no privileges required, user interaction required, and high availability impact. The vulnerability affects Siemens RUGGEDCOM APE1808 devices running Palo Alto Networks Virtual NGFW.
Official resources
- CVE-2025-0116 CVE record (CVE.org)
- CVE-2025-0116 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-11-22