PatchSiren cyber security CVE debrief
CVE-2025-0128 Palo Alto Networks CVE debrief
A denial-of-service vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS software allows unauthenticated attackers to trigger system reboots via maliciously crafted packets. Repeated exploitation can force affected firewalls into maintenance mode, causing sustained service disruption. The vulnerability affects Siemens RUGGEDCOM APE1808 devices running Palo Alto Networks Virtual NGFW. This issue was first documented in CISA advisory ICSA-24-338-02 on November 22, 2024, with CVE-2025-0128 added in a revision dated May 13, 2025. The CVSS 3.1 score of 7.5 reflects high availability impact with low attack complexity and no required privileges or user interaction.
- Vendor: Palo Alto Networks
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-22
- Original CVE updated: 2025-06-10
- Advisory published: 2024-11-22
- Advisory updated: 2025-06-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly in industrial control system and OT environments where firewall availability is critical for network segmentation and security enforcement. Security teams responsible for SCEP certificate enrollment infrastructure and network administrators managing PAN-OS deployments should prioritize this remediation.
Technical summary
The vulnerability exists in the SCEP authentication implementation within Palo Alto Networks PAN-OS software. An unauthenticated remote attacker can send a specially crafted packet to trigger a system reboot. Repeated successful attacks cause the firewall to enter maintenance mode, resulting in persistent denial of service. The attack vector is network-based with low complexity, requiring no privileges or user interaction. This affects Siemens RUGGEDCOM APE1808 industrial devices when deployed with Palo Alto Networks Virtual NGFW.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8 or later per vendor guidance
- Contact Palo Alto Networks customer support to obtain patch and update information for affected deployments
- Monitor SCEP authentication traffic for anomalous patterns that may indicate exploitation attempts
- Implement network segmentation to restrict SCEP traffic to authorized sources only
- Review firewall logs for unexpected system reboots or maintenance mode entries
- Apply defense-in-depth strategies for industrial control system environments per CISA guidance
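One way to act on the log-review item above, as an added example that is not part of the original debrief or of any vendor tooling: it flags devices that reboot repeatedly within a short window or enter maintenance mode. The event format, device names, threshold and window are assumptions; the sample lines are constructed and are not PAN-OS log syntax.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (NOT real PAN-OS log syntax): assumes firewall
# system logs were already normalized to "ISO-timestamp device event" lines.
SAMPLE_EVENTS = """\
2025-05-14T02:10:00 fw-ot-01 reboot
2025-05-14T02:21:30 fw-ot-01 reboot
2025-05-14T02:33:05 fw-ot-01 reboot
2025-05-14T02:40:00 fw-ot-01 maintenance_mode
2025-05-14T03:00:00 fw-ot-02 reboot
2025-05-16T03:00:00 fw-ot-02 reboot
"""

def parse_events(text):
    """Yield (timestamp, device, event) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_reboot_bursts(text, threshold=3, window=timedelta(hours=1)):
    """Return (timestamp, device, kind) alerts for devices that reboot
    `threshold` times within `window` or enter maintenance mode.
    Threshold and window are assumed values; tune them per site."""
    recent = defaultdict(deque)  # device -> reboot timestamps inside the window
    alerts = []
    for ts, device, event in sorted(parse_events(text)):
        q = recent[device]
        while q and ts - q[0] > window:
            q.popleft()  # drop reboots that fell out of the window
        if event == "reboot":
            q.append(ts)
            if len(q) == threshold:  # alert once when the burst is reached
                alerts.append((ts, device, "reboot_burst"))
        elif event == "maintenance_mode":
            # Maintenance mode right after reboots is the sustained-outage state.
            kind = "maintenance_after_reboots" if q else "maintenance_mode"
            alerts.append((ts, device, kind))
    return alerts

if __name__ == "__main__":
    for ts, device, kind in find_reboot_bursts(SAMPLE_EVENTS):
        print(ts.isoformat(), device, kind)
```

A single scheduled reboot stays below the threshold, so the two widely spaced reboots of the second constructed device raise no alert.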
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-338-02, which documents this as a Palo Alto Networks PAN-OS vulnerability affecting Siemens RUGGEDCOM APE1808 deployments. The advisory was initially published November 22, 2024, with CVE-2025-0128 added in revision 5 dated May 13, 2025. The source indicates upgrade to Palo Alto Networks Virtual NGFW V11.1.8 as remediation.
Official resources
- CVE-2025-0128 CVE record (CVE.org)
- CVE-2025-0128 NVD detail (NVD)
- Source item URL (cisa_csaf)