CVE-2025-4614: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in Palo Alto Networks Cloud NGFW
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
AI Analysis
Technical Summary
CVE-2025-4614 is an information disclosure vulnerability classified under CWE-497, the exposure of sensitive system information to an unauthorized control sphere. Specifically, in Palo Alto Networks PAN-OS software, an authenticated administrator can view the session tokens of other users who are authenticated to the firewall's web UI. Session tokens are what keep an authenticated web session alive; anyone who obtains a valid token can impersonate the corresponding user without knowing their credentials. Cloud NGFW and Prisma Access are not affected, so the scope is limited to deployments running vulnerable PAN-OS versions. Exploitation requires administrator-level privileges, so an attacker must already hold elevated access on the firewall. The CVSS v4.0 score of 4.8 (medium) reflects a network attack vector, low attack complexity, the administrator privileges required, and a limited confidentiality impact; integrity and availability are not affected, and some user interaction is required. Because the tokens are exposed through the CLI, restricting CLI access to a small group of administrators significantly reduces the risk of exploitation. No patches or exploits are currently reported; the vulnerability was publicly disclosed in October 2025.
Potential Impact
For European organizations, the primary impact is session token theft leading to unauthorized impersonation of firewall web UI users. An attacker who already holds administrator access could use a stolen token to act as another administrator, escalate privileges, or make unauthorized configuration changes, potentially compromising network security. Although the vulnerability does not directly affect availability or integrity, unauthorized access to firewall management interfaces can lead to broader security breaches. Organizations with large PAN-OS firewall deployments, especially those with many administrators, face increased risk if access controls are lax; the impact is mitigated where CLI and administrative access are tightly controlled. Given the medium severity and the administrator-privilege requirement, the threat is most relevant to insider threats or to attackers who have already compromised administrative credentials. The absence of known exploits reduces the immediate risk but does not remove the need for vigilance.
Mitigation Recommendations
European organizations should implement strict access control policies limiting administrator and CLI access to a minimal number of trusted personnel. Multi-factor authentication (MFA) should be enforced for all administrative accounts to reduce the risk of credential compromise. Regularly audit administrator sessions and monitor for unusual access patterns or session token anomalies. Employ session timeout and token invalidation policies to limit the window of opportunity for token reuse. Ensure PAN-OS software is updated to the latest version once a patch becomes available. Network segmentation should be used to isolate management interfaces from general user networks. Additionally, consider deploying privileged access management (PAM) solutions to monitor and control administrator activities. Conduct security awareness training emphasizing the risks of session token exposure and the importance of safeguarding administrative credentials.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: palo_alto
- Date Reserved: 2025-05-12T22:05:10.775Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e80105ba0e608b4fa9e3e7
Added to database: 10/9/2025, 6:37:57 PM
Last enriched: 10/9/2025, 6:52:50 PM
Last updated: 10/10/2025, 10:32:00 AM