This blog post discusses a new vulnerability affecting Palo Alto Networks firewalls, reminiscent of a previous DoS issue in 2024. Attackers exploited the vulnerability before patches were available, resulting in a zero-day situation. Additionally, there have been recent incidents targeting GlobalProtect and Cisco VPNs, as well as a serious zero-day flaw in PAN-OS earlier in 2025 that allowed bypassing login authentication.
Palo Alto Networks has reported nearly 500 vulnerabilities, with a significant number related to DoS issues. However, some older PAN-OS issues did not receive CVE identifiers, making longitudinal comparison across vendors challenging. Most customers using the Prisma Access SASE platform have already been patched, but PAN-OS NGFW customers utilizing the GlobalProtect gateway or portal will need to apply the patch themselves. While there are no known workarounds, temporarily disabling the VPN interface could mitigate the issue at the expense of remote access until patching is complete.
