A critical denial-of-service vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted packets through the data plane. Security researchers warn that repeated exploitation can push affected devices into maintenance mode, effectively disabling network protection and exposing organizations to secondary attacks. The flaw impacts PA-Series and VM-Series firewalls, as well as Prisma Access deployments across multiple PAN-OS versions, while Cloud NGFW environments remain unaffected.
Vulnerability Details
CVE-2025-4619 is a PAN-OS vulnerability affecting PA-Series and VM-Series firewalls and Prisma Access deployments, allowing unauthenticated attackers to reboot devices by sending malicious data-plane packets. With a CVSS 4.0 score of 6.6 (base 8.7), the flaw has high availability impact, low attack complexity, and requires no privileges or user interaction, posing a serious risk to systems exposed to the internet. The issue can also be exploited even when traffic doesn’t match explicit decrypt or no-decrypt policies, widening the attack surface for affected organizations.
Affected Products
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 12.1 | None | All |
| PAN-OS 11.2 | < 11.2.2-h2 < 11.2.3-h6 < 11.2.4-h4 < 11.2.5 | >= 11.2.2-h2 >= 11.2.3-h6 >= 11.2.4-h4 >= 11.2.5 |
| PAN-OS 11.1 | >= 11.1.2-h9 < 11.1.2-h18 >= 11.1.3-h2 >= 11.1.4-h4 < 11.1.4-h13 < 11.1.6-h1 < 11.1.7 | < 11.1.2-h9 >= 11.1.2-h18 < 11.1.3-h2 < 11.1.4-h4 >= 11.1.4-h13 >= 11.1.6-h1 >= 11.1.7 |
| PAN-OS 10.2 | >= 10.2.4-h25 >= 10.2.7-h11 < 10.2.7-h24 >= 10.2.8-h10 < 10.2.8-h21 >= 10.2.9-h6 < 10.2.9-h21 >= 10.2.10-h2 < 10.2.10-h14 < 10.2.11-h12 < 10.2.12-h6 < 10.2.13-h3 < 10.2.14 | < 10.2.4-h25 < 10.2.7-h11 >= 10.2.7-h24 < 10.2.8-h10 >= 10.2.8-h21 < 10.2.9-h6 >= 10.2.9-h21 < 10.2.10-h2 >= 10.2.10-h14 >= 10.2.11-h12 >= 10.2.12-h6 >= 10.2.13-h3 >= 10.2.14 |
| PAN-OS 10.1 | None | All |
| Prisma Access | >= 10.2.4-h25 on PAN-OS < 10.2.10-h14 on PAN-OS < 11.2.4-h4 on PAN-OS | < 10.2.4-h25 on PAN-OS >= 10.2.10-h14 on PAN-OS >= 11.2.4-h4 on PAN-OS |
Tactics, Techniques, and Procedures (TTPs)
An attacker could exploit this vulnerability using the following tactics, techniques, and procedures:
- TA0011 – Command and Control: Use of application layer protocols to deliver malicious payloads.
- TA0005 – Defense Evasion: Attempts to bypass security measures by impairing defenses through system reboot.
- TA0040 – Impact: Causing a denial-of-service condition, disrupting system availability.
- T1071 – Application Layer Protocol: Exploiting web protocols to send malicious packets.
- T1029 – System Shutdown/Reboot: Forcing a system to shut down or reboot to impair its functionality.
- T1499 – Endpoint Denial of Service: Causing a denial-of-service condition on the targeted endpoint.
Mitigation & Remediation
Palo Alto Networks has released patched versions to address this vulnerability. Organizations using affected PAN-OS versions should upgrade to the recommended versions or apply the appropriate hotfixes as soon as possible.
- PAN-OS 10.2 users: Upgrade to version 10.2.14 or apply hotfix version 10.2.13-h3 or later.
- PAN-OS 11.1 customers: Upgrade to version 11.1.7 or apply hotfixes 11.1.6-h1 or 11.1.4-h13.
- PAN-OS 11.2 administrators: Upgrade to version 11.2.5 or apply corresponding hotfixes.
There are currently no known workarounds for organizations unable to patch immediately, underscoring the importance of prompt remediation to maintain a strong security posture.
Instantly Fix Risks with Saner Patch Management
Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.