CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login (Severity: MEDIUM)
A session fixation vulnerability, designated CVE-2025-0126, has been identified in the GlobalProtect SAML login on PAN-OS. This moderate-urgency, medium-severity (5.6) vulnerability allows attackers to impersonate legitimate users through malicious links. It affects specific PAN-OS versions that use SAML authentication for GlobalProtect portals; it does not impact the PAN-OS management interface, Cloud NGFW, or Prisma Access. Palo Alto Networks recommends upgrading to a patched version as the primary mitigation. Where an immediate upgrade is not feasible, the suggested workaround is to use an alternative authentication method for the GlobalProtect portal. The vulnerability was externally discovered and reported by D'Angelo Gonzalez of CrowdStrike, highlighting the importance of collaborative security efforts in the cybersecurity community.