CVE-2025-0122

Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device.

Remediation

Solution:

VersionSuggested SolutionPrisma SD-WAN 6.5Upgrade to Prisma SD-WAN 6.5.1 or laterPrisma SD-WAN 6.4 Upgrade to Prisma SD-WAN 6.4.2 or laterPrisma SD-WAN 6.3Upgrade to Prisma SD-WAN 6.3.4 or laterPrisma SD-WAN 6.2Upgrade to Prisma SD-WAN 6.3.4 or laterPrisma SD-WAN 6.1Upgrade to Prisma SD-WAN 6.1.10 or later

Workaround:

There are no known workarounds for this issue.

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2025-0122	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-0122?: CVE-2025-0122 has been scored as a medium severity vulnerability.
How to fix CVE-2025-0122?: To fix CVE-2025-0122: VersionSuggested SolutionPrisma SD-WAN 6.5Upgrade to Prisma SD-WAN 6.5.1 or laterPrisma SD-WAN 6.4 Upgrade to Prisma SD-WAN 6.4.2 or laterPrisma SD-WAN 6.3Upgrade to Prisma SD-WAN 6.3.4 or laterPrisma SD-WAN 6.2Upgrade to Prisma SD-WAN 6.3.4 or laterPrisma SD-WAN 6.1Upgrade to Prisma SD-WAN 6.1.10 or later
Is CVE-2025-0122 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-0122 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0122?: CVE-2025-0122 affects Palo Alto Networks Prisma SD-WAN.

Description

Remediation

Category

CWE-770 – Allocation of Resources Without Limits or Throttling

References

Frequently Asked Questions