CVE-2025-0114
Published: 12 March 2025
Summary
CVE-2025-0114 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Paloaltonetworks Pan-Os. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Service Exhaustion Flood (T1499.002); ranked in the top 48.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-5 directly prevents the DoS vulnerability by implementing denial-of-service protections against floods of specially crafted packets targeting GlobalProtect portal and gateway.
SC-6 protects resource availability from uncontrolled consumption caused by the large volume of specially crafted packets in this GlobalProtect DoS vulnerability.
SI-2 ensures timely flaw remediation through patching the specific PAN-OS GlobalProtect vulnerability to prevent unauthenticated DoS exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables a Service Exhaustion Flood (T1499.002) by allowing an unauthenticated network attacker to send large volumes of specially crafted packets that exhaust resources and render GlobalProtect portal/gateway services unavailable.
NVD Description
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This…
more
issue affects both the GlobalProtect portal and the GlobalProtect gateway. This issue does not apply to Cloud NGFWs or Prisma Access software.
Deeper analysisAI
CVE-2025-0114 is a Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. It enables an unauthenticated attacker to render the GlobalProtect portal and gateway services unavailable by sending a large number of specially crafted packets over a period of time. This issue does not affect Cloud NGFWs or Prisma Access software. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-400 (Uncontrolled Resource Consumption).
An unauthenticated attacker with network access can exploit this vulnerability due to its low attack complexity, lack of required privileges, and absence of user interaction. Exploitation involves flooding the service with specially crafted packets, resulting in a denial of service that disrupts availability of the GlobalProtect portal and gateway without affecting confidentiality or integrity.
Mitigation details are available in the official Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2025-0114.
Details
- CWE(s)