PatchSiren

CVE-2025-0130 Palo Alto Networks CVE debrief

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was disclosed on November 22, 2024, with subsequent updates through June 10, 2025, when this CVE was added to the advisory. The vulnerability requires the web proxy feature to be enabled and is rated MEDIUM severity with a CVSS score of 5.9.

Vendor: Palo Alto Networks
Product: RUGGEDCOM APE1808
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-22
Original CVE updated: 2025-06-10
Advisory published: 2024-11-22
Advisory updated: 2025-06-10

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly in industrial control system (ICS) and operational technology (OT) environments where firewall availability is critical for network segmentation and security. Security teams responsible for PAN-OS deployments with web proxy features enabled should prioritize assessment and remediation.

Technical summary

This vulnerability exists in Palo Alto Networks PAN-OS software when the web proxy feature is enabled. An unauthenticated attacker can exploit a missing exception check by sending a burst of maliciously crafted packets, causing the firewall to become unresponsive and eventually reboot. Repeated successful exploitation attempts can force the firewall into maintenance mode, resulting in extended service disruption. The attack vector is network-based with high attack complexity, requiring no privileges or user interaction. The vulnerability has no impact on confidentiality or integrity but results in high availability impact.

Defensive priority

medium

Recommended defensive actions

  • Disable the web proxy feature if not necessary as an immediate mitigation
  • Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8 or later
  • Contact Palo Alto Networks customer support to receive patch and update information
  • Monitor firewall logs for unusual packet bursts or unexpected reboot events
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
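
One way to act on the log-monitoring item above, as an added example that is not taken from the advisory or from either vendor: it flags a device that reboots unexpectedly several times in a short window, the pattern that precedes maintenance mode. The log line format, device names, the threshold of 3 and the one-hour window are all assumptions; map your firewall's real system log fields onto this normalized form.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, normalized events (NOT PAN-OS's native log format):
# "<UTC timestamp> <device> <event> reason=<reason>"
SAMPLE_LOG = """\
2025-06-11T01:00:00Z fw-ot-01 boot reason=admin-requested
2025-06-11T02:14:07Z fw-ot-01 boot reason=unexpected
2025-06-11T02:31:40Z fw-ot-01 boot reason=unexpected
2025-06-11T02:20:00Z fw-ot-02 boot reason=unexpected
2025-06-11T02:49:12Z fw-ot-01 boot reason=unexpected
2025-06-11T03:05:00Z fw-ot-01 maintenance-mode reason=unexpected
not a log line
"""

def parse_line(line):
    """Return (timestamp, device, event, reason), or None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].startswith("reason="):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3][len("reason="):]

def find_alerts(text, threshold=3, window=timedelta(hours=1)):
    """Flag devices with `threshold` unexpected reboots inside `window`,
    and any entry into maintenance mode. Defaults are assumed values."""
    events = sorted(e for e in map(parse_line, text.splitlines()) if e)
    recent = defaultdict(deque)   # device -> unexpected boot times in window
    alerted = set()               # devices with an open reboot-cluster alert
    alerts = []
    for ts, device, event, reason in events:
        if event == "maintenance-mode":
            alerts.append((device, "maintenance-mode", ts))
        elif event == "boot" and reason == "unexpected":
            q = recent[device]
            q.append(ts)
            while ts - q[0] > window:      # expire boots outside the window
                q.popleft()
            if len(q) < threshold:
                alerted.discard(device)    # cluster ended, re-arm
            elif device not in alerted:
                alerted.add(device)
                alerts.append((device, "reboot-cluster", ts))
    return alerts

if __name__ == "__main__":
    for device, kind, ts in find_alerts(SAMPLE_LOG):
        print(f"{ts.isoformat()}Z {device} ALERT {kind}")
```

Administrator-requested reboots are ignored, so planned upgrades to the fixed release do not raise the alert.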

Evidence notes

Source: CISA CSAF advisory ICSA-24-338-02, with revision history confirming CVE-2025-0130 added in version 1.5 on 2025-06-10. The vulnerability description is drawn directly from the source item description field. Affected product confirmed as Siemens RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW.
