Critical Vulnerability Alert: Update Your Prisma Access Browser to Protect Against PAN-SA-2025-0009
- Rescana

Rescana Security Advisory Report: PAN-SA-2025-0009 Nosim Vulnerability
Vulnerability Overview: Palo Alto Networks has issued a security advisory for PAN-SA-2025-0009, addressing multiple vulnerabilities within the Chromium component of their products as part of the monthly vulnerability update for May 2025. These vulnerabilities have been assigned a high severity rating with a CVSS score of 7.6. The vulnerabilities could potentially affect the confidentiality, integrity, and availability of the systems.
Vulnerabilities Identified:
- CVE-2025-3066: Use after free in Site Isolation
- CVE-2025-3067: Inappropriate implementation in Custom Tabs
- CVE-2025-3068: Inappropriate implementation in Intents
- CVE-2025-3069: Inappropriate implementation in Extensions
- CVE-2025-3070: Insufficient validation of untrusted input in Extensions
- CVE-2025-3071: Inappropriate implementation in Navigations
- CVE-2025-3072: Inappropriate implementation in Custom Tabs
- CVE-2025-3073: Inappropriate implementation in Autofill
- CVE-2025-3074: Inappropriate implementation in Downloads
- CVE-2025-3619: Heap buffer overflow in Codecs
- CVE-2025-3620: Use after free in USB
- CVE-2025-4050: Out of bounds memory access in DevTools
- CVE-2025-4051: Insufficient data validation in DevTools
- CVE-2025-4052: Inappropriate implementation in DevTools
- CVE-2025-4096: Heap buffer overflow in HTML
- CVE-2025-4372: Use after free in WebAudio
Impact: The vulnerabilities primarily affect the Prisma Access Browser, specifically versions below 135.16.8.96, and can be exploited over a network with low attack complexity, requiring neither user interaction nor prior privileges.
Exploitation in the Wild: Currently, there are no reports of these vulnerabilities being exploited in the wild. Palo Alto Networks has not identified any active exploitation attempts.
Mitigation and Recommendations: Palo Alto Networks advises updating to the fixed versions of their products as soon as possible to mitigate these vulnerabilities. The affected versions of the Prisma Access Browser are required to be updated to version 135.16.8.96 or later. No alternative workarounds or mitigations are available.
This report serves as a notification of the identified vulnerabilities and as a call to action for users to apply the necessary updates to ensure the security of their systems.
DISCLAIMER: This report is based on the information available as of the publication date. Rescana disclaims any liability for any errors or omissions in the content of this report.
Executive Summary
In this advisory report, we address the critical vulnerabilities identified in the Palo Alto Networks Security Advisory PAN-SA-2025-0009, which pertain to the Chromium component of their products. These vulnerabilities, rated with a high CVSS score of 7.6, could severely impact the confidentiality, integrity, and availability of the affected systems. Our report aims to inform you about the vulnerabilities, their potential exploitation, and recommended mitigations, ensuring your cybersecurity defenses remain robust and up-to-date.
Technical Information
The PAN-SA-2025-0009 advisory outlines several critical vulnerabilities within the Chromium component, which is integral to the operation of several Palo Alto Networks products. The vulnerabilities identified include CVE-2025-3066 through CVE-2025-4372, each posing unique threats. For instance, CVE-2025-3066 is a 'Use after free' vulnerability in Site Isolation, which can lead to arbitrary code execution if exploited. Similarly, CVE-2025-3619, a heap buffer overflow in Codecs, could allow attackers to execute arbitrary code or cause a denial of service.
The vulnerabilities primarily affect the Prisma Access Browser, specifically versions below 135.16.8.96. They can be exploited over a network with low attack complexity and require neither user interaction nor prior privileges, which makes them particularly dangerous. The inappropriate implementations and insufficient validation of untrusted input in components such as Custom Tabs and Extensions could enable attackers to perform malicious actions ranging from data theft to system compromise.
Detailed technical insights into each vulnerability, including their respective attack vectors and potential impacts, are crucial for understanding the full scope of the threat. The advisory underscores the necessity of addressing these vulnerabilities promptly to mitigate potential risks.
Exploitation in the Wild
As of the latest reports, there have been no confirmed instances of these vulnerabilities being actively exploited in the wild. The lack of exploitation reports suggests that while the vulnerabilities are severe, they have not yet been leveraged by threat actors. However, the absence of exploitation should not lead to complacency, as the complexity and potential impact of these vulnerabilities necessitate proactive mitigation measures.
APT Groups using this vulnerability
Currently, there are no known Advanced Persistent Threat (APT) groups exploiting these vulnerabilities. However, the high severity of these vulnerabilities makes them attractive targets for APT groups, which often exploit such weaknesses to gain unauthorized access to sensitive systems. Organizations should remain vigilant and monitor for any emerging threats or indicators of compromise associated with these vulnerabilities.
Affected Product Versions
The vulnerabilities impact the Prisma Access Browser, particularly versions below 135.16.8.96. Organizations utilizing these versions should prioritize updating to the latest release to safeguard against potential exploitation. It is crucial to ensure that all components utilizing the Chromium framework within the organization's infrastructure are assessed and updated accordingly.
Workaround and Mitigation
Palo Alto Networks has strongly recommended updating to the fixed versions of their products as the primary mitigation strategy. Users must update the affected versions of the Prisma Access Browser to version 135.16.8.96 or later to address the vulnerabilities. As no alternative workarounds or mitigations have been provided, timely updates are essential to prevent potential exploitation.
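Since the only mitigation is reaching version 135.16.8.96 or later, the practical check is a correct version comparison across an inventory of installs. The script below is an added example, not Rescana's or Palo Alto Networks' tooling; it assumes a constructed inventory of (hostname, reported version) pairs and compares version components numerically so that a build such as 135.16.8.100 is not mistaken for a vulnerable one by string ordering.

```python
# Added example (not part of the Rescana report or any Palo Alto Networks tool):
# flag Prisma Access Browser installs below the fixed version from PAN-SA-2025-0009.
from typing import List, Tuple

FIXED_VERSION = "135.16.8.96"  # fixed version stated in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version string into a tuple of ints so comparisons are
    numeric per component, not lexicographic ("135.16.8.100" > "135.16.8.96")."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed version.
    Shorter tuples are zero-padded so "135.16.8" compares as "135.16.8.0"."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def hosts_needing_update(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hostnames whose reported browser version is still affected.
    Unparseable versions are flagged too: an unknown version is not safe."""
    flagged = []
    for host, version in inventory:
        try:
            if is_affected(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return flagged


# Constructed sample inventory (hostname, reported Prisma Access Browser version).
SAMPLE_INVENTORY = [
    ("laptop-01", "135.16.8.96"),   # exactly the fixed version: not affected
    ("laptop-02", "135.16.8.95"),   # one build below the fix: affected
    ("laptop-03", "135.16.8.100"),  # sorts below "...96" as a string: not affected
    ("laptop-04", "134.0.0.0"),     # older major release: affected
    ("laptop-05", "unknown"),       # unparseable: flagged for manual review
]

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update Prisma Access Browser to {FIXED_VERSION} or later")
```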
References
For further details on the vulnerabilities and the recommended fixes, please refer to the following resources:
- Palo Alto Networks Security Advisory PAN-SA-2025-0009
- Chromium Security Fixes
Rescana is here for you
At Rescana, we understand the complexities and challenges posed by cybersecurity threats. Our Third Party Risk Management (TPRM) platform is designed to help organizations like yours navigate these challenges by providing comprehensive oversight and management of cybersecurity risks. We are committed to supporting you in maintaining a secure operational environment. Should you have any questions about this report or require further assistance, please do not hesitate to contact us at ops@rescana.com. Your security is our priority, and we are here to assist you in any way possible.