PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-0127 Siemens CVE debrief

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: MEDIUM 6.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2025-05-13
Advisory published: 2024-04-09
Advisory updated: 2025-05-13

Who should care

Organizations running Palo Alto Networks VM-Series virtual firewalls, particularly those with Siemens RUGGEDCOM APE1808 deployments configured with Palo Alto Networks Virtual NGFW, and security teams managing industrial control system environments with virtualized network security infrastructure.

Technical summary

CVE-2025-0127 is a command injection vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as root. The vulnerability specifically affects PAN-OS VM-Series virtual firewalls and does not impact already deployed physical firewalls. Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW are affected. The CVSS 3.1 vector is AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a local attack vector with high privileges required but high impact on confidentiality, integrity, and availability if exploited.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to V11.1.2-h3. Contact customer support to receive patch and update information.
  • Review administrative access controls and limit administrator privileges to reduce attack surface.
  • Monitor for unauthorized command execution on affected VM-Series deployments.
  • Apply defense-in-depth practices for industrial control systems per CISA guidance.

Evidence notes

CVE published 2024-04-09; modified 2025-05-13. CISA CSAF advisory ICSA-24-102-04 tracks this vulnerability for Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. The vulnerability was added to the advisory in revision 1.6 on 2025-05-13.
