2025-02-22 02:49:10 Pacfic
Palo Alto Networks PAN-OS Authentication Bypass Actively Exploited - 6d
Active exploitation of a high-severity authentication bypass vulnerability, CVE-2025-0108, affecting Palo Alto Networks PAN-OS is being observed. GreyNoise has confirmed live attacks on PAN-OS firewalls. This flaw allows unauthenticated attackers to access the management web interface and execute specific PHP scripts, potentially leading to unauthorized access. Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted.
To mitigate this threat, defenders should apply security patches for PAN-OS as soon as possible and restrict access to firewall management interfaces, ensuring they are not publicly exposed. It is recommended to monitor active exploitation trends and leverage real-time threat intelligence to stay ahead of exploitation attempts. Researchers have noted that the vulnerability is trivial to exploit, increasing the potential for widespread abuse.
ImgSrc: cdn.prod.website-files.com
References:
- The GreyNoise Blog - GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108) - 7d
- @greynoise - 🚨 CVE-2025-0108 is being actively exploited! 🚨 GreyNoise sees live attacks on PAN-OS firewalls. - 7d
- Blog - New Palo Alto vulnerability with active exploit attempts discovered - 6d
- veriti.ai - CVE-2025-0108: Active Exploits Targeting Palo Alto PAN-OS – What You Need to Know - 6d
- Security Archives - Security Affairs - Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. - 5d
- @ntkramer - & - it took no time for the POC of CVE-2025-0108 (PAN-OS Authentication Bypass) to start being fired off across the internet. We're back-processing some data now to pick up some prior exploitation as - 5d
- SOCRadar? Cyber Intelligence Inc. - Palo Alto Firewall Vulnerability (CVE-2025-0108) Under Attack – Are You at Risk? - 5d
- VERITI - CVE-2025-0108: Active Exploits Targeting Palo Alto PAN-OS – What You Need to Know - 5d
- securityadvisories.paloaltonetworks.com - Authentication Bypass in PAN-OS Management Web Interface Allows Unauthorized Access - 5d
- @BleepingComputer - Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. - 4d
- The Hacker News - CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List - 2d
- News | CSO Online - Hackers gain root access to Palo Alto firewalls through chained bugs - 2d
- Security Archives - Security Affairs - U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog - 2d
- securebulletin.com - Critical Palo Alto Firewall flaw under active attack: Patch NOW! - 1d
- AboutDFIR ? The Definitive Compendium Project - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active att - 1d
- Secure Bulletin - Critical Palo Alto Firewall flaw under active attack: Patch NOW! - 1d
- techcrunch.com - Palo Alto Networks warns that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks - 1d
Classification:
- HashTags: vulnerability PAN-OS activeexploitation
- Company: Palo Alto Networks
- Target: PAN-OS users
- Product: PAN-OS
- Feature: Authentication Bypass
- Type: Vulnerability
- Severity: Critical