CVE-2025-0126 Information

Description

When configured using SAML a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.

The SAML login for the PAN-OS® management interface is not affected. Additionally this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.

Reference

https://security.paloaltonetworks.com/CVE-2025-0126