Related vulnerability
Description
CVE-2025-0133 Exploit
Introduction
# CVE-2025-0133
CVE-2025-0133 is a reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software. An authenticated user with access to the Captive Portal can be tricked into clicking a specially crafted link, leading to the execution of arbitrary JavaScript in the context of their browser. This could result in session hijacking, credential theft, or other client-side attacks.
Severity: Medium (CVSS v3.1 Base Score: 6.1; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Versions:
- PAN-OS 11.2 < 11.2.7
- PAN-OS 11.1 < 11.1.11
- PAN-OS 10.2 < 10.2.17
Published: May 14, 2025
Vendor Advisory: Palo Alto Networks Security Advisory
NVD Entry: CVE-2025-0133
Impact:
- Execution of malicious JavaScript in the victim's browser.
- Potential for phishing, data exfiltration, or further exploitation if combined with other vulnerabilities.
- Limited impact on confidentiality for Clientless VPN users due to inherent risks (see PAN-SA-2025-0005).
File snapshot
[4.0K] /data/pocs/d351046d25c94033736c162112f02ff35e34e903
├── [ 878] POC.txt
└── [1.0K] README.md
0 directories, 2 files