Palo Alto Networks Addresses High-Severity Firewall Vulnerability Amid Active Exploits
February 14, 2025
Palo Alto Networks has resolved a critical authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-generation firewalls. Although the company has not reported any observed malicious exploits, threat intelligence firm GreyNoise has identified active exploitation efforts, causing alarm for businesses utilizing PAN-OS.
The vulnerability enables unauthenticated attackers to run specific PHP scripts on the firewall’s management interface. While this does not provide remote code execution (RCE), Palo Alto Networks concedes that exploitation could compromise the integrity and confidentiality of PAN-OS.
The flaw was unearthed by researchers at Assetnote, who were initially examining patches for two previously exploited vulnerabilities—CVE-2024-0012 and CVE-2024-9474. These vulnerabilities were used by attackers in November 2024 to compromise over 2,000 PAN firewalls. "As we looked further into the architecture of the management interface, we suspected something was off, even post-patch," stated Assetnote researcher Adam Kues.
Further investigation revealed exploitable inconsistencies in how three key components—Nginx, Apache, and the PHP application—process web requests to the firewall’s management interface. This led to the identification of CVE-2025-0108. Assetnote’s CTO, Shubham Shah, explained that this is a unique security flaw, although it results from similar architectural design choices that contributed to previous vulnerabilities.
A proof-of-concept (PoC) exploit for CVE-2025-0108 has been made public, simplifying the process for threat actors to target unpatched systems. Shortly after the disclosure, GreyNoise, which monitors malicious internet activity, noticed active exploitation attempts targeting this vulnerability. This indicates that attackers are already scanning for vulnerable Palo Alto Networks firewalls, likely with the intention of gaining unauthorized access.
Palo Alto Networks has issued patches to rectify the vulnerability in the following PAN-OS versions:
Companies using PAN-OS are strongly advised to apply security patches promptly to reduce the risk. In addition, security teams should take proactive measures to safeguard their environments.