Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions

Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web interface of its PAN-OS operating system.

The vulnerability enables authenticated administrative users to escalate privileges and execute commands as the root user, potentially compromising the entire firewall system24.

The security flaw carries a CVSS score of 6.1 under version 4.0 metrics, with the attack vector classified as network-based with low complexity requirements.

Despite the medium severity rating, security experts emphasize the critical nature of this vulnerability due to its potential for complete system compromise once administrative access is obtained.

Technical Analysis and Exploitation Requirements

CVE-2025-4231 represents a classic command injection weakness (CWE-77) that allows improper neutralization of special elements used in commands.

The vulnerability specifically targets the management web interface and requires several preconditions for successful exploitation:

• Network access to the management web ...