Palo Alto Networks Trust Protection Foundation SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability exists in Trust Protection Foundation, allowing authenticated attackers to execute arbitrary SQL commands on the product database. Exploitation could lead to unauthorized access to sensitive data, modification of database contents, and privilege escalation, potentially granting full administrative control of the platform. The vulnerability affects Trust Protection Foundation versions 25.3.0 prior to 25.3.3, 25.1.0 prior to 25.1.8, 24.3.0 prior to 24.3.6, and 24.1.0 prior to 24.1.13.

Impact

Exploitation of this vulnerability could result in unauthorized database access, data manipulation, and elevated privileges, allowing an attacker to gain full administrative rights on the platform.

Remediation

Users can upgrade to Trust Protection Foundation version 25.3.3 or later, 25.1.8 or later, 24.3.6 or later, or 24.1.13 or later, depending on their current version. Those on older versions should upgrade to a supported fixed version.
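
The following triage script is an added example, not part of the original advisory or the vendor's tooling. It classifies installed versions against the fixed releases listed above, comparing patch levels numerically so that 24.1.9 is correctly treated as older than 24.1.13. The inventory format, hostnames and status labels are assumptions made for illustration.

```python
import re

# Fixed patch level per release train, taken from the advisory text above.
FIXED = {(25, 3): 3, (25, 1): 8, (24, 3): 6, (24, 1): 13}

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not in N.N.N form."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Classify one installed version; returns (status, minimum fixed version)."""
    v = parse_version(version_text)
    if v is None:
        return ("unparsed", None)
    train, patch = v[:2], v[2]
    if train not in FIXED:
        # Train is not named in the advisory. Trains older than the oldest
        # listed one should move to a supported fixed release.
        status = "unlisted-older" if train < min(FIXED) else "unlisted"
        return (status, None)
    fixed = f"{train[0]}.{train[1]}.{FIXED[train]}"
    # Integer comparison: a string compare would rank "9" above "13".
    return ("affected", fixed) if patch < FIXED[train] else ("fixed", fixed)

def triage_inventory(lines):
    """Map 'host version' lines to {host: (status, minimum fixed version)}."""
    result = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed inventory rows
        result[parts[0]] = triage(parts[1])
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = ["host-01 25.3.2", "host-02 25.1.8", "host-03 24.1.9",
          "host-04 23.3.1", "host-05 24.3.x"]

if __name__ == "__main__":
    for host, (status, fixed) in triage_inventory(SAMPLE).items():
        hint = f" (upgrade to {fixed} or later)" if status == "affected" else ""
        print(f"{host}: {status}{hint}")
```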

Added: May 13, 2026, 7:42 PM
Updated: May 13, 2026, 7:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 5.2
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.