Vulnerability Description
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-0136?
CVE-2025-0136 is a documented vulnerability. Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer ...
How severe is CVE-2025-0136?
CVSS scoring is not yet available for CVE-2025-0136. Check NVD for updates.
Is there a patch for CVE-2025-0136?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.