CVE-2025-0133
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-0133. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.
There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal.
For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 . There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.
Available Exploits
Related News
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.
There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal.
For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 . There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (4.0)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: May 14, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Amber
References
Advisory provided by GitHub Security Advisory Database. Published: May 14, 2025, Modified: May 14, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🔥 Top 10 Trending CVEs (29/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-31199](https://nvd.nist.gov/vuln/detail/CVE-2025-31199)** - 📝 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be …
🔥 Top 10 Trending CVEs (28/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-22230](https://nvd.nist.gov/vuln/detail/CVE-2025-22230)** - 📝 VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control.A malicious actor with non-administrative privileges on a guest VM may gain ability to perform …
🔥 Top 10 Trending CVEs (27/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-23266](https://nvd.nist.gov/vuln/detail/CVE-2025-23266)** - 📝 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A …
🔥 Top 10 Trending CVEs (25/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-50054](https://nvd.nist.gov/vuln/detail/CVE-2025-50054)** - 📝 Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to …
🔥 Top 10 Trending CVEs (19/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386)** - 📝 A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernels OverlayFS subsystem …
🔥 Top 10 Trending CVEs (18/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-33538](https://nvd.nist.gov/vuln/detail/CVE-2023-33538)** - 📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . - 📅 **Published:** 07/06/2023 - 📈 **CVSS:** …
🔥 Top 10 Trending CVEs (17/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-3464](https://nvd.nist.gov/vuln/detail/CVE-2025-3464)** - 📝 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the Security Update for Armoury …
🔥 Top 10 Trending CVEs (16/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-0133](https://nvd.nist.gov/vuln/detail/CVE-2025-0133)** - 📝 A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of …