Fixed an issue where the devsrvr process restarted after a failed commit due to an invalid memory access.

A fix was made to address CVE-2025-0111.

A fix was made to address CVE-2025-0108.

A fix was made to address CVE-2025-0109.

Fixed an issue where a syntax error in the index generation script caused a high management plane CPU load after upgrading.

Fixed an issue where 25G port links did not come up due to a change in the handling of 25G DAC modules.

Fixed an issue where TLS 1.3 decryption failed with a bad record MAC error when the firewall was configured to decrypt and inspect TLS traffic.

Fixed an issue where early TLS data was not handled correctly by the accumulation proxy.

Fixed an issue where the Panorama web interface was slower than expected when querying for device tags.

Fixed an issue where Panorama did not display logs from firewalls after upgrading to PAN-OS 10.2.11 on devices due to Elasticsearch (ES) getting restarted continuously.

Fixed an issue where GlobalProtect clients failed to connect with the error message The device or feature requires a GlobalProtect subscription license.

Fixed an issue where Panorama was slower than expected when using a high number of device group tags in a non-shared context.

Fixed an issue where IP address tags were removed from firewalls after a management server or useridd process restart. This occurred when a Panorama serial-number based configuration was used for User-ID redistribution.

Fixed an issue where traffic was dropped when the accumulation proxy was enabled and header insertion modified packets.

Fixed an issue where Receive Time and Time Generated were not visible as attributes in the Filter Builder for system logs and URL filtering logs.

Fixed an issue on hardware firewalls where, when SSL decryption was enabled and Client Hello messages spanned multiple TCP segments, some SSL decrypted sessions failed.

Fixed an issue where the firewall rebooted unexpectedly due to the all_task process restarting with an OOM condition due to a memory leak on the reportd process.

Fixed an issue where multicast streams were unstable with ECMP and dropped every 30 seconds.

Fixed an issue where BFD sessions took longer than expected to establish after an HA failover due to BGP.

Fixed an issue where a kernel race condition caused the firewall to reboot with a kernel panic.

Fixed an issue where frequent external dynamic list updates caused the configd process to restart.

Fixed an issue on the firewall where enabling flow basic caused the firewall to stop responding due to a masterd process restart.

Fixed an issue where the Policy page on the Panorama web interface was slower than expected when a device group had a large number of managed devices.

Fixed an issue where custom admin users were not able to click OK in the push scope selection window when device group or template were disabled under commit in the admin roles.

Fixed an issue where the ECMP FIB update on the dataplane didn't clear the pending change flag, which caused the next non-ECMP FIB update to miss the latest generation ID and age out after 5 minutes

Fixed an issue where Push All Changes displayed changes that were already committed in the push scope for another device group after performing a selective commit and selective push to the first device group.

Fixed an issue where the output of the request logging-service-forwarding status CLI command did not display the correct information after successfully onboarding a firewall to Cloud Delivered Licensing (CDL).