CVE-2025-0136 Information

Description

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500 PA-5400 PA-5400f PA-3400 PA-1600 PA-1400 and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.

This issue does not affect Cloud NGFWs Prisma® Access instances or PAN-OS VM-Series firewalls.

NOTE: The AES-128-CCM encryption algorithm is not recommended for use.

Reference

https://security.paloaltonetworks.com/CVE-2025-0136