PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots

A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets.

Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to unpatched systems.

The vulnerability, CVE-2025-0128, enables unauthenticated attackers to disrupt network operations by sending a single malicious packet, triggering repeated firewall reboots.

These attacks force firewalls into maintenance mode, significantly impacting network availability and creating potential downtime for critical systems.

Palo Alto Networks has rated the severity of this issue as 6.6 (MEDIUM) on the CVSS v4.0 scale, with an 8.7 Base Score for unpatched PAN-OS systems.

Immediate mitigation and upgrades are essential to minimize the risk of exploitation. The vulnerability stems from improper checks in SCEP authentication handling.

Attackers exploiting this flaw bypass standard security controls, causing the firewall’s management plane to crash and ...