Palo Alto Networks Patches Privilege Escalation Vulnerabilities and Ships Chrome Security Updates

216/68 Monday, June 16, 2025

Palo Alto Networks has released multiple security patches across its products, including fixes for seven privilege escalation vulnerabilities and a set of Chrome security updates for the Prisma Access Browser. The most critical flaw, CVE-2025-4232 (CVSS score: 7.1), is an improper neutralization of wildcards in the log collection feature of GlobalProtect™ on macOS, allowing non-admin users to escalate privileges and gain root access.

Other notable vulnerabilities include:

  • CVE-2025-4231 (CVSS 6.1): A command injection flaw in the PAN-OS Management Web Interface, enabling authenticated administrators to execute commands with root privileges.
  • CVE-2025-4230 (CVSS 5.7): A command injection issue via the PAN-OS CLI; Palo Alto recommends restricting CLI access as a precaution.
  • CVE-2025-4228 (CVSS 1.0): A flaw causing unencrypted exposure of SD-WAN configuration data.
  • A privilege escalation vulnerability in Cortex XDR Broker VM that could allow attackers to elevate privileges to root.

Additionally, the update includes 11 Chrome-related patches, notably addressing CVE-2025-4233, a cache vulnerability affecting the Prisma Access Browser. Palo Alto Networks confirms that no in-the-wild exploitation of these vulnerabilities has been detected so far. It also clarifies that Cloud NGFW and Prisma Access products are not affected by these issues.

Source: https://securityaffairs.com/179000/security/palo-alto-networks-fixed-multiple-privilege-escalation-flaws.html