Impact
A memory corruption flaw in how Palo Alto Networks PAN-OS parses tunnel traffic enables an authenticated user to send a crafted packet that triggers a system reboot. Repeated reboots push the firewall into maintenance mode, leaving it unavailable for normal operation. The flaw does not provide code execution or data exfiltration; its primary effect is the interruption of network services through forced reboots.
Affected Systems
The vulnerability affects PAN-OS installations running on firewalls. Vulnerable versions include PAN-OS 12.1.2 through 12.1.4-h* (including hotfix builds of 12.1.4), PAN-OS 11.2.0 through 11.2.9-h* (including hotfix builds of 11.2.9), PAN-OS 11.1.0 through 11.1.11, and PAN-OS 10.2.0 through 10.2.17. Panorama, Cloud NGFW, and Prisma Access are not impacted. All older and unsupported PAN-OS releases should be upgraded to a supported fixed version.
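The version ranges above are the data a defender needs for an inventory check. The following is an added example, not code from the advisory or from Palo Alto Networks; it assumes PAN-OS version strings of the form "major.minor.patch" with an optional "-hN" hotfix suffix, and flags hotfix builds of an upper bound that the advisory lists without "-h*" as "unclear" rather than guessing whether they carry the fix.

```python
import re
from typing import Optional

# Affected PAN-OS ranges exactly as listed in this advisory (inclusive).
# The third field is True where the upper bound is written "x.y.z-h*",
# i.e. every hotfix build of that boundary version is also affected.
AFFECTED_RANGES = [
    ((12, 1, 2), (12, 1, 4), True),
    ((11, 2, 0), (11, 2, 9), True),
    ((11, 1, 0), (11, 1, 11), False),
    ((10, 2, 0), (10, 2, 17), False),
]

# Assumed version-string shape: "major.minor.patch" with an optional "-hN" hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> tuple[tuple[int, int, int], Optional[int]]:
    """Split '11.2.9-h3' into ((11, 2, 9), 3); a plain '11.2.9' yields hotfix None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch)), (int(hotfix) if hotfix else None)


def is_affected(version: str) -> str:
    """Classify one firewall PAN-OS version against the listed ranges.

    Returns 'affected', 'not listed', or 'unclear'. 'unclear' covers a hotfix
    build of an upper bound given without '-h*' (e.g. 11.1.11-h2): the advisory
    does not say whether such builds carry the fix, so confirm with the vendor.
    """
    base, hotfix = parse_panos_version(version)
    for low, high, hotfix_inclusive in AFFECTED_RANGES:
        if low <= base < high:
            return "affected"
        if base == high:
            return "affected" if hotfix is None or hotfix_inclusive else "unclear"
    return "not listed"


def triage_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Map device name -> verdict; Panorama, Cloud NGFW and Prisma Access are out of scope."""
    return {name: is_affected(ver) for name, ver in inventory.items()}


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = {"fw-edge-1": "11.2.9-h1", "fw-dc-2": "11.1.11-h2", "fw-lab": "12.1.5"}
```

Feed it the firewall list exported from Panorama or your CMDB; anything marked "affected" or "unclear" goes on the upgrade list.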
Risk and Exploitability
The CVSS score of 4.6 indicates moderate severity. EPSS data is unavailable and the flaw is not listed in CISA KEV, suggesting limited public exploitation. The attack vector requires authenticated administrative access. An attacker holding compromised credentials can repeatedly induce reboots, causing downtime and potential maintenance-mode lockout, so the operational risk is moderate where administrative accounts are not tightly controlled.
OpenCVE Enrichment