CVE-2025-0128
CVE-2025-0128 is a high-severity vulnerability with a CVSS 4.0 base score of 8.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.
Key facts
- Severity: High (CVSS 4.0 base score 8.7)
- EPSS exploit prediction: 0% (20th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-15133
- Weakness: CWE-754
- Published:
- Last modified:
Description
A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.
Frequently asked questions
- What is CVE-2025-0128?
- A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.
- How severe is CVE-2025-0128?
- CVE-2025-0128 has a CVSS 4.0 base score of 8.7, rated high severity.
- Is CVE-2025-0128 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (20th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-0128?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-0128 have an EU (EUVD) identifier?
- Yes. CVE-2025-0128 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-15133.
- When was CVE-2025-0128 published?
- CVE-2025-0128 was published on 2025-04-11 and last updated on 2026-06-17.
References
Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities
- CVE-2026-24054 — Critical (CVSS 10.0): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs)…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2026-8091 — Critical (CVSS 9.8): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150,…
- CVE-2024-52316 — Critical (CVSS 9.8): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta…
- CVE-2024-7826 — Critical (CVSS 9.8): Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows,…
- CVE-2023-37303 — Critical (CVSS 9.8): An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to…
Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →