CVE-2025-0126
Description
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-0126? +
How do I check if I'm vulnerable to CVE-2025-0126? +
Related Vulnerabilities
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially …
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could …
Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session …
The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers …