CVE-2025-2182

CVE-2025-2182 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-312.

Key facts

Description

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.

Frequently asked questions

What is CVE-2025-2182?
A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.
How severe is CVE-2025-2182?
CVE-2025-2182 has a CVSS 4.0 base score of 5.6, rated medium severity.
Is CVE-2025-2182 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (1st percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-2182?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2025-2182 have an EU (EUVD) identifier?
Yes. CVE-2025-2182 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-24617.
When was CVE-2025-2182 published?
CVE-2025-2182 was published on 2025-08-13 and last updated on 2026-06-17.

References

Other CWE-312 (Cleartext Storage of Sensitive Information) vulnerabilities

Browse all CWE-312 (Cleartext Storage of Sensitive Information) vulnerabilities →