
PatchSiren cyber security CVE debrief

CVE-2025-0137 Palo Alto Networks CVE debrief

An improper input neutralization vulnerability in the management web interface of Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was first published on November 22, 2024, and most recently updated on June 10, 2025, when CVE-2025-0137 was added to the advisory. The vulnerability requires high privileges (authenticated read-write administrator) and user interaction, resulting in a CVSS 3.1 score of 3.5 (Low severity). Attackers with existing administrative access could exploit this flaw to impersonate other legitimate administrators, potentially escalating their effective privileges or obscuring their actions. The attack vector is network-based with low attack complexity. Siemens and CISA recommend restricting management interface access to a dedicated jump box to reduce exposure, and upgrading to Palo Alto Networks Virtual NGFW V11.1.8 to address the underlying vulnerability.

Vendor: Palo Alto Networks
Product: RUGGEDCOM APE1808
CVSS: 3.5 (Low)
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-22
Original CVE updated: 2025-06-10
Advisory published: 2024-11-22
Advisory updated: 2025-06-10

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW in industrial control system (ICS) environments. Security teams responsible for administrative access controls and session management in PAN-OS deployments. OT security practitioners managing remote access to critical infrastructure network equipment.

Technical summary

The vulnerability stems from improper input neutralization in the PAN-OS management web interface. An authenticated attacker holding read-write administrator privileges can manipulate input to impersonate another legitimate, authenticated administrator. This is a session management or identity spoofing issue rather than an authentication bypass, since the attacker must already possess valid administrative credentials. The CVSS vector indicates a network attack vector, low attack complexity, high privileges required and user interaction required, with low impact on confidentiality and integrity and no availability impact. The affected product is the Siemens RUGGEDCOM APE1808 running Palo Alto Networks Virtual NGFW. Remediation combines an architectural control (restricting management access to a jump box) with a software update (upgrade to V11.1.8).

Defensive priority

Medium

Recommended defensive actions

  • Restrict management interface access to a dedicated jump box as the only system permitted to access the management interface
  • Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8; contact Palo Alto Networks customer support to receive patch and update information
  • Apply network segmentation to limit administrative access to trusted IP addresses only
  • Monitor administrative sessions for anomalous impersonation or privilege escalation indicators
  • Review and validate administrative account assignments and session logs regularly

Evidence notes

CVE published 2024-11-22; modified 2025-06-10, when CVE-2025-0137 was added per the revision history. CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N. Affects RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW.

Official resources

2024-11-22