Vulnerability Description
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-0126?
CVE-2025-0126 is a documented vulnerability. When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user....
How severe is CVE-2025-0126?
CVSS scoring is not yet available for CVE-2025-0126. Check NVD for updates.
Is there a patch for CVE-2025-0126?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.