Palo Alto Networks Addresses Multiple Security Vulnerabilities

Cybersecurity leader Palo Alto Networks has released a series of critical patches to address vulnerabilities across its product suite, including the GlobalProtect App, Cortex XDR, PAN-OS, and Prisma Access Browser.

The company identified six flaws and rated them by CVSS score, ranging from low severity (0.3, 1, and 2.3) to high severity.

The most severe vulnerability, designated as CVE-2025-4232, involves an authenticated code injection affecting versions 6.0 to 6.3 of the GlobalProtect App on macOS. This vulnerability received a CVSS score of 7.1, prompting Palo Alto to recommend a moderate urgency for patching.

Two additional vulnerabilities, also classified as authenticated admin command injections, impact PAN-OS versions 10.1 through 11.2 and are rated with medium severity scores—5.7 for CVE-2025-4230 and 6.1 for CVE-2025-4231.

Moreover, Palo Alto implemented a set of 11 fixes in the Google Chrome browser, which is integrated into its Prisma Access Browser. A further patch was issued for CVE-2025-4233, an improper implementation within the browser’s cache that also affects the Prisma Access Browser. Collectively, the vulnerabilities addressed in this patch cycle carry a high-severity CVSS score of 8.6.

Chrome’s open-source counterpart, Chromium, serves as the foundational technology for Palo Alto’s Prisma Access Browser.

Palo Alto Networks stated that there have been no known instances of these vulnerabilities being exploited in the wild.