cvelistv5 - CVE-2025-2180

CVE-2025-2180 (GCVE-0-2025-2180)

Vulnerability from cvelistv5 – Published: 2025-08-13 17:02 – Updated: 2025-08-13 17:21

Summary

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2025-2180

vendor-advisory

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	Checkov by Prisma Cloud	Affected: 3.2.0 , < 3.2.415 (custom)

Credits

Palo Alto Networks thanks Bryan Eastes for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2180",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T17:20:30.282985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T17:21:30.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Checkov by Prisma Cloud",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.2.415",
                  "status": "unaffected"
                }
              ],
              "lessThan": "3.2.415",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eNo special configuration is required to be vulnerable to this issue.\u003c/span\u003e"
            }
          ],
          "value": "No special configuration is required to be vulnerable to this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Bryan Eastes for discovering and reporting this issue."
        }
      ],
      "datePublic": "2025-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\u00ae Cloud.\u003cbr\u003e\u003cbr\u003eThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415."
            }
          ],
          "value": "An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\u00ae Cloud.\n\nThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "If the user scans infrastructure as code (IaC) files from untrusted sources."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T17:02:47.899Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-2180"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                \u003ctd\u003eCheckov by Prisma Cloud 3.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e3.2.0 through 3.2.414\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 3.2.415 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Version\nMinor Version\nSuggested Solution\n\n                                Checkov by Prisma Cloud 3.2\n\n                                3.2.0 through 3.2.414\n                                Upgrade to 3.2.415 or later."
        }
      ],
      "source": {
        "defect": [
          "BCE-44235"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-13T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Checkov by Prisma Cloud: Unsafe Deserialization of Terraform Files Allows Code Execution",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Do not run Checkov on terraform files from untrusted sources or pull requests."
            }
          ],
          "value": "Do not run Checkov on terraform files from untrusted sources or pull requests."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-2180",
    "datePublished": "2025-08-13T17:02:47.899Z",
    "dateReserved": "2025-03-10T17:56:22.502Z",
    "dateUpdated": "2025-08-13T17:21:30.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2180\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2025-08-13T17:15:25.973\",\"lastModified\":\"2025-08-13T17:33:46.673\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\u00ae Cloud.\\n\\nThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de deserializaci\u00f3n insegura en Palo Alto Networks Checkov by Prisma\u00ae Cloud permite que un usuario autenticado ejecute c\u00f3digo arbitrario como usuario no administrativo escaneando un archivo malicioso de Terraform al usar Checkov en Prisma\u00ae Cloud. Este problema afecta a versiones de Checkov 3.0 anteriores a la 3.2.415.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2025-2180\",\"source\":\"psirt@paloaltonetworks.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2180\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T17:20:30.282985Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T17:21:25.289Z\"}}], \"cna\": {\"title\": \"Checkov by Prisma Cloud: Unsafe Deserialization of Terraform Files Allows Code Execution\", \"source\": {\"defect\": [\"BCE-44235\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Palo Alto Networks thanks Bryan Eastes for discovering and reporting this issue.\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 4.8, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"If the user scans infrastructure as code (IaC) files from untrusted sources.\"}]}], \"affected\": [{\"vendor\": \"Palo Alto Networks\", \"product\": \"Checkov by Prisma Cloud\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"3.2.415\", \"status\": \"unaffected\"}], \"version\": \"3.2.0\", \"lessThan\": \"3.2.415\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-13T16:00:00.000Z\", \"value\": \"Initial publication\"}], \"solutions\": [{\"lang\": \"eng\", \"value\": \"Version\\nMinor Version\\nSuggested Solution\\n\\n                                Checkov by Prisma Cloud 3.2\\n\\n                                3.2.0 through 3.2.414\\n                                Upgrade to 3.2.415 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ctable class=\\\"tbl\\\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\\n                                \u003ctd\u003eCheckov by Prisma Cloud 3.2\u003cbr\u003e\u003c/td\u003e\\n                                \u003ctd\u003e3.2.0 through 3.2.414\u003c/td\u003e\\n                                \u003ctd\u003eUpgrade to 3.2.415 or later.\u003c/td\u003e\\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-08-13T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2025-2180\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Do not run Checkov on terraform files from untrusted sources or pull requests.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Do not run Checkov on terraform files from untrusted sources or pull requests.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\\u00ae Cloud.\\n\\nThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\\u00ae Cloud.\u003cbr\u003e\u003cbr\u003eThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"No special configuration is required to be vulnerable to this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan\u003eNo special configuration is required to be vulnerable to this issue.\u003c/span\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2025-08-13T17:02:47.899Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2180\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-13T17:21:30.216Z\", \"dateReserved\": \"2025-03-10T17:56:22.502Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2025-08-13T17:02:47.899Z\", \"assignerShortName\": \"palo_alto\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-4HF9-48VJ-Q77G

Vulnerability from github – Published: 2025-08-13 18:31 – Updated: 2025-08-13 18:31

Details

This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.

Severity ?

4.8 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-2180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-13T17:15:25Z",
    "severity": "MODERATE"
  },
  "details": "An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\u00ae Cloud.\n\nThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415.",
  "id": "GHSA-4hf9-48vj-q77g",
  "modified": "2025-08-13T18:31:23Z",
  "published": "2025-08-13T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2180"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2180"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2025-AVI-0695

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 138.53.6.158
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.2.8-h3 (6.2.8-c263) pour Windows
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.3.3 pour Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.8 sur PA-7500
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3-h2 (6.3.3-c676) pour Windows
Palo Alto Networks	Checkov by Prisma Cloud	Checkov by Prisma Cloud versions 3.2.x antérieures à 3.2.449
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.10 sur PA-7500
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions 28.0.x antérieures à 28.0.52

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-2183	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2180	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2181	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2184	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2182	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0014	2025-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 138.53.6.158",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.8-h3 (6.2.8-c263) pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.3.3 pour Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.8 sur PA-7500",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h2 (6.3.3-c676) pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Checkov by Prisma Cloud versions 3.2.x ant\u00e9rieures \u00e0 3.2.449",
      "product": {
        "name": "Checkov by Prisma Cloud",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.10 sur PA-7500",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions 28.0.x ant\u00e9rieures \u00e0 28.0.52",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2182"
    },
    {
      "name": "CVE-2025-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2183"
    },
    {
      "name": "CVE-2025-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
    },
    {
      "name": "CVE-2025-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
    },
    {
      "name": "CVE-2024-5921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5921"
    },
    {
      "name": "CVE-2025-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2184"
    },
    {
      "name": "CVE-2025-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-8010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
    },
    {
      "name": "CVE-2025-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2181"
    },
    {
      "name": "CVE-2025-8011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
    },
    {
      "name": "CVE-2025-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2180"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0695",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2183",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2183"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2180",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2180"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2181",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2181"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2184",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2184"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2182",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2182"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0014",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0014"
    }
  ]
}

CERTFR-2025-AVI-0695

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions antérieures à 138.53.6.158
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.2.8-h3 (6.2.8-c263) pour Windows
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions antérieures à 6.3.3 pour Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.8 sur PA-7500
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3-h2 (6.3.3-c676) pour Windows
Palo Alto Networks	Checkov by Prisma Cloud	Checkov by Prisma Cloud versions 3.2.x antérieures à 3.2.449
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.10 sur PA-7500
Palo Alto Networks	Cortex XDR Broker	Cortex XDR Broker VM versions 28.0.x antérieures à 28.0.52

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-2183	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2180	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2181	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2184	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-2182	2025-08-13	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0014	2025-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 138.53.6.158",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.8-h3 (6.2.8-c263) pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.3.3 pour Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.8 sur PA-7500",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h2 (6.3.3-c676) pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Checkov by Prisma Cloud versions 3.2.x ant\u00e9rieures \u00e0 3.2.449",
      "product": {
        "name": "Checkov by Prisma Cloud",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.10 sur PA-7500",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions 28.0.x ant\u00e9rieures \u00e0 28.0.52",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2182"
    },
    {
      "name": "CVE-2025-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2183"
    },
    {
      "name": "CVE-2025-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
    },
    {
      "name": "CVE-2025-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
    },
    {
      "name": "CVE-2024-5921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5921"
    },
    {
      "name": "CVE-2025-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2184"
    },
    {
      "name": "CVE-2025-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-8010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
    },
    {
      "name": "CVE-2025-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2181"
    },
    {
      "name": "CVE-2025-8011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
    },
    {
      "name": "CVE-2025-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2180"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0695",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2183",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2183"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2180",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2180"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2181",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2181"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2184",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2184"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-2182",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2182"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0014",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0014"
    }
  ]
}

FKIE_CVE-2025-2180

Vulnerability from fkie_nvd - Published: 2025-08-13 17:15 - Updated: 2025-08-13 17:33

Severity ?

4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:U/V:D/RE:M/U:Amber

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2025-2180

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma\u00ae Cloud.\n\nThis issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de deserializaci\u00f3n insegura en Palo Alto Networks Checkov by Prisma\u00ae Cloud permite que un usuario autenticado ejecute c\u00f3digo arbitrario como usuario no administrativo escaneando un archivo malicioso de Terraform al usar Checkov en Prisma\u00ae Cloud. Este problema afecta a versiones de Checkov 3.0 anteriores a la 3.2.415."
    }
  ],
  "id": "CVE-2025-2180",
  "lastModified": "2025-08-13T17:33:46.673",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "PASSIVE",
          "valueDensity": "DIFFUSE",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-13T17:15:25.973",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2180"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-2180 (GCVE-0-2025-2180)

GHSA-4HF9-48VJ-Q77G

CERTFR-2025-AVI-0695

Solutions

CERTFR-2025-AVI-0695

Solutions

FKIE_CVE-2025-2180

Tags

Sightings

Nomenclature