Authentication bypass vulnerability in Palo Alto Networks PAN-OS management web interface allows unauthenticated attackers to bypass authentication and invoke PHP scripts that can compromise firewall integrity and confidentiality. This vulnerability is actively exploited in the wild and listed in CISA KEV catalog.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-02-12
Added to CISA KEV: 2025-02-18 6 DAYS BETWEEN CVE AND KEV
CVE-2025-0108 is a critical authentication bypass vulnerability affecting Palo Alto Networks PAN-OS software [1].
Palo Alto Networks Security Advisory: CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface An authentication bypass ... Exploitation Status Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured P…
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. ... attackers making exploi…
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface.
CVE-2025-0108 Detail Description An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP sc…
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected). ... Attack Requirements Present. User Interaction None. Vulnerable System Confidentiality Impact High.chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and u…