Palo Alto Networks Addresses High-Severity Firewall Vulnerability Amid Active Exploits

February 14, 2025

Palo Alto Networks has resolved a critical authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-generation firewalls. Although the company has not reported any observed malicious exploits, threat intelligence firm GreyNoise has identified active exploitation efforts, causing alarm for businesses utilizing PAN-OS.

The vulnerability enables unauthenticated attackers to run specific PHP scripts on the firewall’s management interface. While this does not provide remote code execution (RCE), Palo Alto Networks concedes that exploitation could compromise the integrity and confidentiality of PAN-OS.

The flaw was unearthed by researchers at Assetnote, who were initially examining patches for two previously exploited vulnerabilities—CVE-2024-0012 and CVE-2024-9474. These vulnerabilities were used by attackers in November 2024 to compromise over 2,000 PAN firewalls. "As we looked further into the architecture of the management interface, we suspected something was off, even post-patch," stated Assetnote researcher Adam Kues.

Further investigation revealed exploitable inconsistencies in how three key components—Nginx, Apache, and the PHP application—process web requests to the firewall’s management interface. This led to the identification of CVE-2025-0108. Assetnote’s CTO, Shubham Shah, explained that this is a unique security flaw, although it results from similar architectural design choices that contributed to previous vulnerabilities.

A proof-of-concept (PoC) exploit for CVE-2025-0108 has been made public, simplifying the process for threat actors to target unpatched systems. Shortly after the disclosure, GreyNoise, which monitors malicious internet activity, noticed active exploitation attempts targeting this vulnerability. This indicates that attackers are already scanning for vulnerable Palo Alto Networks firewalls, likely with the intention of gaining unauthorized access.

Palo Alto Networks has issued patches to rectify the vulnerability in the following PAN-OS versions: Companies using PAN-OS are strongly advised to apply security patches promptly to reduce the risk. In addition, security teams should take proactive measures to safeguard their environments.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.