CVE-2025-0136
UNKNOWN
Published 2025-05-14T18:12:14.153Z
Actions:
No CVSS data available
Description
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.
This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls.
NOTE: The AES-128-CCM encryption algorithm is not recommended for use.
Available Exploits
No exploits available for this CVE.
Related News
CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices (Severity: LOW)
Related content: PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025) (Severity: HIGH) CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets (Severity: MEDIUM) CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable In…
Paloaltonetworks.com
2025-05-14 16:00
Affected Products
Affected Versions:
Affected Versions:
Published: 2025-05-14T18:12:14.153Z
Last Modified: 2025-05-14T19:43:47.169Z
Copied to clipboard!