
Palo Alto GlobalProtect VPN Flaw Exposes Users to Reflected Cross-Site Scripting (CVE-2025-0133)

A newly disclosed vulnerability in Palo Alto Networks' GlobalProtect VPN solution exposes organizations to phishing and credential theft campaigns via a reflected cross-site scripting (XSS) attack. The flaw, tracked as CVE-2025-0133, affects the GlobalProtect gateway and portal features in multiple versions of PAN-OS and was identified by XBOW researchers. Despite the way it is sometimes headlined, it is an XSS weakness, not a remote code execution flaw: the code that runs is JavaScript in a victim's browser, not code on the firewall.

Vulnerability Overview

This reflected XSS vulnerability allows execution of attacker-controlled JavaScript in the browser sessions of authenticated Captive Portal users who are tricked into clicking specially crafted links. Because the malicious link points at a legitimate GlobalProtect host, the resulting page looks trustworthy, which is what makes it useful for phishing and credential theft. Under default configurations it carries a low CVSS base score (2.0), but the rating rises to medium severity (CVSS 5.5) when Clientless VPN is enabled, so organizations running Clientless VPN should treat it with more urgency.

Technical Details

CWE Classification: CWE-79 – Improper Neutralization of Input During Web Page Generation
CAPEC Classification: CAPEC-591 – Reflected XSS
Impact: Execution of Jav...
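To make the CWE-79 weakness class concrete, the following is a generic illustration added by the editor; it is not Palo Alto Networks code, does not reproduce the GlobalProtect flaw, and the handler names, the "user" parameter and the sample query strings are all constructed for the example. It shows a page renderer that reflects a query parameter into HTML unescaped next to a hardened version that escapes it, plus a small probe that tells the two apart.

```python
"""Reflected XSS (CWE-79): a vulnerable HTML renderer beside its hardened form.

Editor-added illustration. NOT vendor code and NOT a reproduction of
CVE-2025-0133; every name and sample input here is constructed.
"""
import html
from urllib.parse import parse_qs, quote


def _user_param(query_string: str) -> str:
    """Pull the (constructed) 'user' parameter out of a URL query string.

    parse_qs percent-decodes the value, so '%3Cscript%3E' comes back as
    '<script>' exactly as a web framework would hand it to a handler.
    """
    return parse_qs(query_string).get("user", [""])[0]


def render_login_vulnerable(query_string: str) -> str:
    """Reflects the parameter straight into the page body (CWE-79).

    Anything the victim's link carries is emitted as live markup, so a
    crafted link can inject script or a fake login form into a page
    served from a trusted host.
    """
    return f"<p>Welcome back, {_user_param(query_string)}</p>"


def render_login_hardened(query_string: str) -> str:
    """Escapes the reflected value for an HTML text context.

    html.escape with quote=True neutralizes < > & " and ', so the value
    is rendered as text rather than interpreted as tags or attributes.
    """
    return f"<p>Welcome back, {html.escape(_user_param(query_string), quote=True)}</p>"


def reflects_unescaped(renderer, probe: str = '<"xss">') -> bool:
    """Crude reflection check: send a probe and see if it comes back verbatim.

    The probe is percent-encoded as a browser would send it; if the raw
    probe appears byte-for-byte in the response, the renderer is not
    encoding for the HTML context.
    """
    return probe in renderer("user=" + quote(probe))


if __name__ == "__main__":
    # Constructed sample link: a phishing-style script payload in the parameter.
    crafted = "user=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print("vulnerable:", render_login_vulnerable(crafted))
    print("hardened:  ", render_login_hardened(crafted))
    print("vulnerable reflects unescaped:", reflects_unescaped(render_login_vulnerable))
    print("hardened reflects unescaped:  ", reflects_unescaped(render_login_hardened))
```

The escaping shown is correct only for the HTML text context; a value reflected inside an attribute, a URL, or a script block needs the encoder for that context, and a Content-Security-Policy header is a worthwhile second layer but not a substitute for output encoding.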