CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures (Severity: LOW)
A vulnerability (CVE-2025-0123) has been discovered in Palo Alto Networks PAN-OS software, affecting HTTP/2 data stream handling. This low-risk issue allows unlicensed administrators to view decrypted HTTP/2 data in cleartext through packet captures, bypassing the usual requirement for a Decryption Port Mirror license. The vulnerability, with a CVSS score of 1.9, requires high privileges and network access to the firewall's management interface for exploitation. Affected versions include PAN-OS 11.2 before 11.2.6, 11.1 before 11.1.8, and 10.2 before 10.2.15. Palo Alto Networks has released fixes and recommends upgrading to mitigate the issue. Additional mitigation measures include deleting pre-existing packet capture files, configuring decryption profiles to strip ALPN, and securing access to the management interface according to best practices.
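To triage a firewall fleet against the affected ranges listed above, the following added example (not from Palo Alto Networks or the original page) classifies PAN-OS version strings by branch. The hostnames and sample inventory are constructed, and it assumes the thresholds are whole maintenance releases, so a hotfix suffix such as `-h3` is parsed but does not change the result.

```python
import re

# Fixed maintenance release per branch, taken from the summary above:
# 11.2 before 11.2.6, 11.1 before 11.1.8, 10.2 before 10.2.15 are affected.
FIXED = {(11, 2): 6, (11, 1): 8, (10, 2): 15}

# PAN-OS version strings look like "11.1.6" or "11.1.6-h3" (hotfix suffix).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'unlisted' or 'unparseable' for one version."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(g) for g in m.group(1, 2, 3))
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # Branch not named in the summary: do not guess, check the vendor advisory.
        return "unlisted"
    # Assumption: thresholds are whole maintenance releases, so a hotfix on an
    # earlier maintenance release still counts as affected.
    return "affected" if maint < fixed_maint else "fixed"


def triage(inventory: dict) -> dict:
    """Group hostnames by classification, hostnames in sorted order."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-01": "11.2.5",
    "fw-edge-02": "11.2.6",
    "fw-dc-01": "11.1.6-h3",
    "fw-dc-02": "10.2.15",
    "fw-lab-01": "10.1.14",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unlisted` or `unparseable` need a manual check against the vendor advisory rather than being treated as safe.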