CVE-2025-0133

Published May 14, 2025

Last updated 5 months ago

CVSS medium 6.9
GlobalProtect

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-0133 is a reflected cross-site scripting (XSS) vulnerability found in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software. This vulnerability allows for the execution of malicious JavaScript within the browser of an authenticated Captive Portal user when they interact with a specially crafted link. The primary risk associated with this vulnerability is the potential for phishing attacks that could lead to the theft of user credentials, particularly if Clientless VPN is enabled. An attacker could create links that appear to be hosted on the GlobalProtect portal to steal credentials. Threat IDs 510003 and 510004 can be enabled to block attacks. Disabling Clientless VPN can also serve as mitigation.

Description
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal. For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 (https://security.paloaltonetworks.com/PAN-SA-2025-0005). There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.
Source
psirt@paloaltonetworks.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Amber
Severity
MEDIUM

Weaknesses

psirt@paloaltonetworks.com
CWE-79

Social media

Hype score
Not currently trending
  1. 🚨CVE-2025-0133 : Payload + Template Payload: %3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/aS5n3xqkjv%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E Write-up: https://t.co/dDNVNOQMab Template: https://t.co/AMteRetxIo https://t.co/WqfUYarS4L

    @HackingTeam777

    22 Sept 2025

    2434 Impressions

    17 Retweets

    79 Likes

    47 Bookmarks

    1 Reply

    0 Quotes

  2. Upcoming CVE & Bug Bounty POC Breakdowns I’ve been working on detailed breakdowns of some new vulnerabilities: CVE-2025-0133 : XSS CVE-2025-53833 : SSTI CVE-2025-30208 : Local File Inclusion All videos will premiere soon on YouTube. 🔗 Watch here: https://t.co/7Rb8lWD

    @h4x0r_fr34k

    11 Sept 2025

    678 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. Upcoming CVE & Bug Bounty POC Breakdowns I’ve been working on detailed breakdowns of some new vulnerabilities: CVE-2025-0133 : XSS (Citrix Logout XSS) CVE-2025-53833 : SSTI CVE-2025-30208 : Local File Inclusion All videos will premiere soon on YouTube. 🔗 Watch here: h

    @h4x0r_fr34k

    11 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 The GlobalProtect Gateway XSS Threat: How #CVE-2025-0133 Puts Your Corporate Network at Risk https://t.co/hHc3l10mRX Educational Purposes!

    @UndercodeUpdate

    6 Sept 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. The recently disclosed GlobalProtect XSS vuln (CVE-2025-0133) affects hundreds of thousands of organizations worldwide — including thousands of bug bounty programs. Try your luck by running this PoC 👇 #BugBounty #XSS #PoC https://t.co/CBYtygDEMS

    @viehgroup

    4 Sept 2025

    657 Impressions

    1 Retweet

    15 Likes

    12 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨 New GO-TO CVE – Week 65! CVE-2025-0133 🔥 Reflected XSS in Palo Alto GlobalProtect VPN. ➡️ Session hijacking, creds theft, phishing all possible with a crafted link. Full write-up 📖: https://t.co/lTGrR3t9R2 #CVE2025 #XSS #GlobalProtect #BugBounty #CyberSecurity h

    @soltanali0

    21 Aug 2025

    1041 Impressions

    0 Retweets

    25 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  7. Has anyone received a bounty for this Reflected XSS on the GlobalProtect portal (CVE-2025-0133)

    @JoaoGomes12243

    16 Aug 2025

    526 Impressions

    0 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. I was awarded a $350 bounty on @Hacker0x01! https://t.co/5dbKBrWp1S #TogetherWeHitHarder Tip: CVE-2025-0133 RXSS https://t.co/21A0MTquqH

    @exploit_msf

    6 Aug 2025

    2239 Impressions

    4 Retweets

    120 Likes

    10 Bookmarks

    1 Reply

    0 Quotes

  9. 🚨 #CVE-2025-0133: Exploiting XSS Vulnerabilities with Payloads & Templates https://t.co/panlc5THPp Educational Purposes!

    @UndercodeUpdate

    4 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨CVE-2025-0133 : Payload + Template Payload: %3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/W0HAJbMN6c%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E Write-up: https://t.co/jq2cek2iRc Template: https://t.co/NhyJZ0CaGd

    @0x3mrj

    4 Aug 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Post 2/100 CVE-2025-0133 : Payload + Template Payload: %3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/l9uRav4jue%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E Write-up: https://t.co/nZzhUUmsIS Template: https://t.co/WOcSN2ImWz ---- Check About h

    @h4x0r_fr34k

    26 Jul 2025

    7936 Impressions

    35 Retweets

    202 Likes

    157 Bookmarks

    6 Replies

    0 Quotes

  12. CVE-2025-0133 — Reflected Cross-Site Scripting (XSS) in Palo Alto GlobalProtect VPN Portal https://t.co/PnkxJiZ9d0 #bugbounty #bugbountytips #bugbountytip

    @bountywriteups

    25 Jun 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-0133 was announced (and fixed) last month, but now we can actually tell people how @XBOW discovered it! It showcases one reason LLMs excel at offsec – they've memorized details about ~every piece of software out there and can use that to find more attack surface https:

    @moyix

    24 Jun 2025

    1257 Impressions

    0 Retweets

    16 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  14. Backtracking to one you shouldn’t have skipped. ⚠️ So CVE-2025-0133 landed, and it doesn’t take much to mess things up. If you missed this one, Casey and Von explain what's going on: https://t.co/fSGml167yO

    @Bugcrowd

    23 Jun 2025

    2428 Impressions

    2 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Automating Bug Bounty Success: Leveraging Automation for #CVE-2025-0133 and Beyond https://t.co/IY9PsS2kHV Educational Purposes!

    @UndercodeUpdate

    22 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Found a real-world XSS bug (CVE-2025-0133) Dropped a write-up with full PoC + how to find similar targets Read here: https://t.co/cgpXENBdbm #BugBounty #XSS #CVE20250133 #CyberTamarin #EthicalHacking #CyberSecurity

    @Twinson_333

    20 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 Exploiting and Mitigating the GlobalProtect XSS Vulnerability (#CVE-2025-0133) https://t.co/L5kv38SchF Educational Purposes!

    @UndercodeUpdate

    19 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. #BugBounty Reported only 90 CVE-2025-0133 2 - Pending Program Review 1 - Triaged 2 - rewarded $700 (+$100 retest) + $100 85 - Duplicates https://t.co/a4w3vfnEpy

    @crypt0grapherr

    19 Jun 2025

    9038 Impressions

    4 Retweets

    161 Likes

    47 Bookmarks

    7 Replies

    0 Quotes

  19. 🚨 Security Flash: CVE-2025-0133 Bugcrowd Founder @caseyjohnellis and Sr. Manager of Security Operations Von T. discuss the situation in depth. You’ll find the full video right here: https://t.co/fSGml167yO https://t.co/YYmQng169F

    @Bugcrowd

    18 Jun 2025

    1781 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. GlobalProtect XSS vuln (CVE-2025-0133) https://t.co/4U8CLVH7mF

    @phisher305

    18 Jun 2025

    3053 Impressions

    0 Retweets

    30 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  21. Has CVE-2025-0133 been reported by anyone, and was it accepted by any bug bounty platforms?

    @roohaa_n

    17 Jun 2025

    5326 Impressions

    1 Retweet

    37 Likes

    14 Bookmarks

    9 Replies

    0 Quotes

  22. The recently disclosed GlobalProtect XSS vuln (CVE-2025-0133) affects hundreds of thousands of organizations worldwide — including thousands of bug bounty programs. Try your luck by running this PoC 👇 #BugBounty #XSS #PoC https://t.co/Wtrw2el4ZQ

    @nav1n0x

    17 Jun 2025

    31569 Impressions

    51 Retweets

    396 Likes

    320 Bookmarks

    6 Replies

    0 Quotes

  23. 🚨 CVE-2025-0133 – Reflected XSS in PAN-OS Affects Palo Alto firewalls. Issued just 6 days ago. Nuclei detection template is now live ⚡️ #xss #infosec #security #bugbounty #paloalto https://t.co/zPm4VnrBV7

    @pdnuclei

    14 Jun 2025

    7673 Impressions

    5 Retweets

    69 Likes

    32 Bookmarks

    1 Reply

    1 Quote

  24. 🚨 CVE-2025-0133 - medium 🚨 PAN-OS - Reflected Cross-Site Scripting > A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway an... 👾 https://t.co/pk8n5FJa8K @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    13 Jun 2025

    145 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  25. Palo Alto Networks PAN-OS vulnerability (CVE-2025-0133) fixed; PoC exploit also confirmed #セキュリティ対策Lab #セキュリティ #Security https://t.co/WvsoBeTYOS

    @securityLab_jp

    22 May 2025

    21 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨Alert🚨 CVE-2025-0133: A Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal 📊 3.0M+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/LuDWP1ur5y 👇Query HUNTER : https://t.co/q9rtuGgxk7="PAN-OS" SH

    @HunterMapping

    22 May 2025

    3998 Impressions

    25 Retweets

    77 Likes

    29 Bookmarks

    1 Reply

    0 Quotes

  27. Palo Alto Networks discloses CVE-2025-0133, a reflected XSS vulnerability in GlobalProtect. Organizations urged to update PAN-OS and enhance user awareness. #CyberSecurity #PaloAlto #GlobalProtect #XSS https://t.co/o9MFvUXfcU

    @dailytechonx

    21 May 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 Palo Alto GlobalProtect Vulnerability Enables Malicious Code Execution - PoC Released Read more: https://t.co/kmqVSCGqg8 Palo Alto Networks has disclosed a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0133. #cybersecuritynews #vulnerability

    @gbhackers_news

    21 May 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2025-0133 Reflected Cross-Site Scripting Vulnerability in Palo Alto Networks PAN-OS GlobalProtect https://t.co/ekC4HMAQSo

    @VulmonFeeds

    15 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
