CVE-2025-0126
Description
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Weakness Type (CWE)
References
Other References
Related Vulnerabilities
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could …
Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and …
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially …
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers …