PatchSiren

CVE-2025-0123 Palo Alto Networks CVE debrief

A vulnerability in Palo Alto Networks PAN-OS software enables unlicensed administrators to view clear-text data captured using the packet capture feature in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was disclosed in CISA advisory ICSA-24-338-02 on November 22, 2024, with the CVE added to the advisory on May 13, 2025. The vulnerability has a CVSS 3.1 score of 6.0 (MEDIUM severity). The attack vector is local, requiring high privileges, with a scope change that allows the vulnerable component to impact resources beyond its security scope. The confidentiality impact is rated HIGH, while integrity and availability impacts are NONE.

Vendor: Palo Alto Networks
Product: RUGGEDCOM APE1808
CVSS: MEDIUM 6
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-22
Original CVE updated: 2025-06-10
Advisory published: 2024-11-22
Advisory updated: 2025-06-10

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly in industrial control system (ICS) environments. Security teams responsible for firewall administration, network monitoring, and privileged access management should prioritize this vulnerability. Organizations subject to regulatory requirements for data confidentiality in industrial networks should also take note.

Technical summary

This vulnerability exists in the packet capture feature of Palo Alto Networks PAN-OS software when processing decrypted HTTP/2 data streams. Unlicensed administrators with local access and high privileges can exploit this flaw to view clear-text data from network traffic. The vulnerability does not affect HTTP/1.1 data streams. The scope change in the CVSS vector indicates that successful exploitation can affect resources beyond the vulnerable component's security scope. The affected product is Siemens RUGGEDCOM APE1808, an industrial networking device that incorporates Palo Alto Networks Virtual NGFW.

Defensive priority

MEDIUM

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8 per vendor guidance
  • Contact Palo Alto Networks customer support to receive patch and update information
  • Review administrator access controls to ensure least-privilege principles
  • Monitor for unauthorized packet capture activities on affected systems
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance

Evidence notes

The source CISA CSAF advisory ICSA-24-338-02 documents this vulnerability as affecting Siemens RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW. The advisory revision history confirms CVE-2025-0123 was added in version 1.4 on May 13, 2025. The CVSS vector indicates local attack vector, high privileges required, scope change, and high confidentiality impact.

Official resources

Disclosed via CISA ICS advisory ICSA-24-338-02 on November 22, 2024; CVE-2025-0123 added to advisory on May 13, 2025