CVE-2025-0129
Palo Alto Networks Prisma Access Browser (PAB) - Bypassing security controls via partial sandbox escape
CVE ID
CVE-2025-0129
Description
The vulnerability allows users to bypass the Palo Alto Networks Prisma Access Browser (PAB) security policies, enabling unauthorized actions and effectively bypassing the enforced security controls.
Tested Versions
131.109.2963.1
Details
Palo Alto Networks Prisma Access Browser (PAB) is an enterprise browser that has emerged as a critical security control for organisations seeking to protect sensitive data and enforce security policies in cloud-first environments.
Timeline
- 2024-12-30 - Vendor Disclosure
- 2025-03-05 - Vendor Patched
- 2025-04-10 - Public Release
Credit
Discovered by Tan Inn Fung, Yu Ann Ong and Zhang Bosen from the GovTech Cybersecurity Group.