Palo Alto PAN-OS Flaw Lets Attackers Force Firewall Reboots via Malicious Packets
Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets.
The flaw, tracked as CVE-2025-4619, affects multiple versions of PAN-OS running on PA-Series and VM-Series firewalls, as well as Prisma Access deployments.
The vulnerability enables unauthenticated attackers to trigger firewall reboots by sending malicious packets through the data plane.
More concerning is that repeated exploitation attempts can push the affected firewall into maintenance mode, effectively disrupting network security operations and leaving organizations vulnerable to potential attacks during the downtime.
According to Palo Alto Networks’ security advisory published on November 12, 2025, the issue specifically affects firewalls configured with URL proxy functionality or a decrypt policy.
Notably, the vulnerability can be exploited even when traffic doesn’t match explicit decrypt or no-decrypt policies, broadening the attack surface significantly for affected organizations running these standard configurations ...
Copyright of this story solely belongs to gbhackers.

