PatchSiren cyber security CVE debrief
CVE-2025-0125 Palo Alto Networks CVE debrief
An improper input neutralization vulnerability in the management web interface of Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was first published on 2024-11-22 and most recently modified on 2025-06-10. The CVSS v3.1 score of 5.2 (MEDIUM) reflects the high privileges required for exploitation (PR:H) and user interaction needed (UI:R), with network attack vector (AV:N) and low attack complexity (AC:L). Successful exploitation could allow an attacker with existing administrative access to impersonate other administrators, potentially leading to unauthorized actions under another user's identity.
- Vendor: Palo Alto Networks
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 5.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-22
- Original CVE updated: 2025-06-10
- Advisory published: 2024-11-22
- Advisory updated: 2025-06-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly in industrial control system (ICS) environments. Security teams responsible for administrative access controls and identity management on PAN-OS systems. Network administrators managing segmented management interfaces for critical infrastructure.
Technical summary
CVE-2025-0125 is an improper input neutralization vulnerability (CWE-20) in the management web interface of Palo Alto Networks PAN-OS software. The vulnerability requires an attacker to have authenticated read-write administrator privileges on the target system. With these privileges, a malicious administrator can impersonate another legitimate authenticated PAN-OS administrator. Attack complexity is low, but exploitation requires high privileges and user interaction. The vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. Remediation involves upgrading to Virtual NGFW V11.1.8 and implementing access restrictions via jump box architecture.
Defensive priority
medium
Recommended defensive actions
- Restrict access to the management interface through a dedicated jump box to limit attack surface to specified IP addresses only
- Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8; contact Palo Alto Networks customer support to obtain patch and update information
- Implement network segmentation to isolate management interfaces from operational networks
- Apply principle of least privilege for administrative accounts
- Monitor administrative sessions for anomalous behavior or unexpected impersonation attempts
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-338-02, which was initially published on 2024-11-22 and subsequently updated on 2025-05-13 to add CVE-2025-0125 along with CVE-2025-0123, CVE-2025-0124, CVE-2025-0126, and CVE-2025-0128. The advisory identifies Siemens RUGGEDCOM APE1808 as the affected product, with remediation involving upgrade to Palo Alto Networks Virtual NGFW V11.1.8.
Official resources
- CVE-2025-0125 CVE record (CVE.org)
- CVE-2025-0125 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-11-22