Search criteria
6 vulnerabilities found for Prisma Browser by Palo Alto Networks
CVE-2025-4618 (GCVE-0-2025-4618)
Vulnerability from cvelistv5 – Published: 2025-11-14 17:53 – Updated: 2025-11-17 19:14
VLAI?
Summary
A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser.
Browser self-protection should be enabled to mitigate this issue.
Severity ?
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Browser |
Affected:
142.15.6.0 , ≤ 142.15.6.60
(custom)
|
Credits
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T19:13:45.362298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T19:14:40.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Browser",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "142.15.6.60",
"status": "affected",
"version": "142.15.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:*",
"versionEndIncluding": "142.15.6.60",
"versionStartIncluding": "142.15.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sensitive information disclosure vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser.\u003cbr\u003e\u003cbr\u003eBrowser self-protection should be enabled to mitigate this issue."
}
],
"value": "A sensitive information disclosure vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser.\n\nBrowser self-protection should be enabled to mitigate this issue."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316: Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:53:38.487Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4618"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade\u0026nbsp;142.15.6.60 to or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPrisma BrowserUpgrade\u00a0142.15.6.60 to or later."
}
],
"source": {
"defect": [
"TW-23909"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround or mitigation is available."
}
],
"value": "No workaround or mitigation is available."
}
],
"x_affectedList": [
"Prisma Browser 142.15.0",
"Prisma Browser 142.15.1",
"Prisma Browser 142.15.2",
"Prisma Browser 142.15.3",
"Prisma Browser 142.15.4",
"Prisma Browser 142.15.5"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4618",
"datePublished": "2025-11-14T17:53:38.487Z",
"dateReserved": "2025-05-12T22:05:16.328Z",
"dateUpdated": "2025-11-17T19:14:40.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4617 (GCVE-0-2025-4617)
Vulnerability from cvelistv5 – Published: 2025-11-14 17:51 – Updated: 2025-11-14 18:45
VLAI?
Summary
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.
Browser self-protection should be enabled to mitigate this issue.
Severity ?
CWE
- CWE-424 - Improper Protection of Alternate Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Browser |
Affected:
142.15.6.0 , ≤ 142.15.6.60
(custom)
|
Credits
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T18:45:25.843189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:45:30.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Browser",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "142.15.6.60",
"status": "affected",
"version": "142.15.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo special configuration is required to be affected by this issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:*",
"versionEndIncluding": "142.15.6.60",
"versionStartIncluding": "142.15.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma\u00ae Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eBrowser self-protection should be enabled to mitigate this issue."
}
],
"value": "An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma\u00ae Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.\n\n\nBrowser self-protection should be enabled to mitigate this issue."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554: Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424: Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:51:36.442Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4617"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser 0\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPrisma Browser 0Upgrade to or later."
}
],
"source": {
"defect": [
"TW-23909"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-12T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4617",
"datePublished": "2025-11-14T17:51:36.442Z",
"dateReserved": "2025-05-12T22:05:15.363Z",
"dateUpdated": "2025-11-14T18:45:30.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4616 (GCVE-0-2025-4616)
Vulnerability from cvelistv5 – Published: 2025-11-14 17:33 – Updated: 2025-11-17 20:39
VLAI?
Summary
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.
Severity ?
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Browser |
Affected:
142.15.6.0 , ≤ 142.15.6.60
(custom)
|
Credits
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:39:14.854172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:39:22.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Browser",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "142.15.6.60",
"status": "affected",
"version": "142.15.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to revert the browser\u2019s security controls."
}
],
"value": "An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to revert the browser\u2019s security controls."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:43:08.447Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4616"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to\u0026nbsp;142.15.6.60 \u0026nbsp;or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPrisma BrowserUpgrade to\u00a0142.15.6.60 \u00a0or later."
}
],
"source": {
"defect": [
"TW-29034"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-12T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround or mitigation is available."
}
],
"value": "No workaround or mitigation is available."
}
],
"x_affectedList": [
"Prisma Browser 140.26.0",
"Prisma Browser 140.26.1",
"Prisma Browser 140.26.2",
"Prisma Browser 140.26.3"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4616",
"datePublished": "2025-11-14T17:33:21.420Z",
"dateReserved": "2025-05-12T22:05:14.544Z",
"dateUpdated": "2025-11-17T20:39:22.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4618 (GCVE-0-2025-4618)
Vulnerability from nvd – Published: 2025-11-14 17:53 – Updated: 2025-11-17 19:14
VLAI?
Summary
A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser.
Browser self-protection should be enabled to mitigate this issue.
Severity ?
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Browser |
Affected:
142.15.6.0 , ≤ 142.15.6.60
(custom)
|
Credits
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T19:13:45.362298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T19:14:40.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Browser",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "142.15.6.60",
"status": "affected",
"version": "142.15.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:*",
"versionEndIncluding": "142.15.6.60",
"versionStartIncluding": "142.15.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sensitive information disclosure vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser.\u003cbr\u003e\u003cbr\u003eBrowser self-protection should be enabled to mitigate this issue."
}
],
"value": "A sensitive information disclosure vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser.\n\nBrowser self-protection should be enabled to mitigate this issue."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316: Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:53:38.487Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4618"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade\u0026nbsp;142.15.6.60 to or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPrisma BrowserUpgrade\u00a0142.15.6.60 to or later."
}
],
"source": {
"defect": [
"TW-23909"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround or mitigation is available."
}
],
"value": "No workaround or mitigation is available."
}
],
"x_affectedList": [
"Prisma Browser 142.15.0",
"Prisma Browser 142.15.1",
"Prisma Browser 142.15.2",
"Prisma Browser 142.15.3",
"Prisma Browser 142.15.4",
"Prisma Browser 142.15.5"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4618",
"datePublished": "2025-11-14T17:53:38.487Z",
"dateReserved": "2025-05-12T22:05:16.328Z",
"dateUpdated": "2025-11-17T19:14:40.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4617 (GCVE-0-2025-4617)
Vulnerability from nvd – Published: 2025-11-14 17:51 – Updated: 2025-11-14 18:45
VLAI?
Summary
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.
Browser self-protection should be enabled to mitigate this issue.
Severity ?
CWE
- CWE-424 - Improper Protection of Alternate Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Browser |
Affected:
142.15.6.0 , ≤ 142.15.6.60
(custom)
|
Credits
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T18:45:25.843189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:45:30.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Browser",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "142.15.6.60",
"status": "affected",
"version": "142.15.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo special configuration is required to be affected by this issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:*",
"versionEndIncluding": "142.15.6.60",
"versionStartIncluding": "142.15.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma\u00ae Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eBrowser self-protection should be enabled to mitigate this issue."
}
],
"value": "An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma\u00ae Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.\n\n\nBrowser self-protection should be enabled to mitigate this issue."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554: Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424: Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:51:36.442Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4617"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser 0\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPrisma Browser 0Upgrade to or later."
}
],
"source": {
"defect": [
"TW-23909"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-12T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4617",
"datePublished": "2025-11-14T17:51:36.442Z",
"dateReserved": "2025-05-12T22:05:15.363Z",
"dateUpdated": "2025-11-14T18:45:30.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4616 (GCVE-0-2025-4616)
Vulnerability from nvd – Published: 2025-11-14 17:33 – Updated: 2025-11-17 20:39
VLAI?
Summary
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.
Severity ?
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Browser |
Affected:
142.15.6.0 , ≤ 142.15.6.60
(custom)
|
Credits
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:39:14.854172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:39:22.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Browser",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "142.15.6.60",
"status": "affected",
"version": "142.15.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting this issue."
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to revert the browser\u2019s security controls."
}
],
"value": "An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated non-admin user to revert the browser\u2019s security controls."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:43:08.447Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4616"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to\u0026nbsp;142.15.6.60 \u0026nbsp;or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPrisma BrowserUpgrade to\u00a0142.15.6.60 \u00a0or later."
}
],
"source": {
"defect": [
"TW-29034"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-12T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround or mitigation is available."
}
],
"value": "No workaround or mitigation is available."
}
],
"x_affectedList": [
"Prisma Browser 140.26.0",
"Prisma Browser 140.26.1",
"Prisma Browser 140.26.2",
"Prisma Browser 140.26.3"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4616",
"datePublished": "2025-11-14T17:33:21.420Z",
"dateReserved": "2025-05-12T22:05:14.544Z",
"dateUpdated": "2025-11-17T20:39:22.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}