PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

Source: Help Net Security
Author: Zeljka Zorz
URL: https://www.helpnetsecurity.com/2025/02/13/pan-os-authentication-bypass-palo-alto-networks-poc-cve-2025-0108/

ONE SENTENCE SUMMARY:

Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2025-0108) in its firewalls, urging admins to update and restrict access.

MAIN POINTS:

  1. Palo Alto Networks fixed CVE-2025-0108, an authentication bypass flaw in its firewall management web interface.
  2. A proof-of-concept (PoC) exploit for the vulnerability has been publicly released.
  3. The flaw was discovered while analyzing patches for previously exploited vulnerabilities, CVE-2024-0012 and CVE-2024-9474.
  4. Exploiting CVE-2025-0108 lets an attacker invoke PHP scripts, which can affect the integrity and confidentiality of PAN-OS.
  5. The vulnerability has been patched in PAN-OS versions 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, and 10.1.14-h9.
  6. Additional fixes include CVE-2025-0111 (authenticated file read) and CVE-2025-0109 (unauthenticated file deletion).
  7. Administrators are advised to disable management interface access from untrusted networks.
  8. Unexpected firewall reboots are caused by a bug in PAN-OS 11.1.4-h7/h9, not by an attack.
  9. A hotfix (11.1.4-h12) for the reboot issue was released with limited availability on January 31.
  10. Palo Alto Networks plans a general availability update (11.1.4-h13) by February 20.

TAKEAWAYS:

  1. Update to the latest PAN-OS versions to mitigate security risks.
  2. Restrict access to the management web interface from untrusted sources.
  3. No known malicious exploitation of CVE-2025-0108 has been reported.
  4. Administrators should be aware of unexpected reboots caused by a software bug, not an attack.
  5. Additional security patches have been released, addressing multiple vulnerabilities in PAN firewalls.
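
To act on main point 5 and takeaway 1, the sketch below (an added example, not code from the article or from Palo Alto Networks) triages a firewall inventory against the fixed releases listed above. The hostnames and inventory are constructed, and the comparison assumes builds order by maintenance number and then hotfix number within a branch; the vendor advisory remains the authority on which other hotfix builds carry the fix.

```python
import re

# First fixed release per branch, as listed in this summary (main point 5).
FIXED = {
    (11, 2): (4, 4),   # 11.2.4-h4
    (11, 1): (6, 1),   # 11.1.6-h1
    (10, 2): (13, 3),  # 10.2.13-h3
    (10, 1): (14, 9),  # 10.1.14-h9
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Split 'MAJOR.MINOR.MAINT[-hN]' into ((major, minor), (maint, hotfix))."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint = (int(match.group(i)) for i in (1, 2, 3))
    hotfix = int(match.group(4) or 0)  # no -hN suffix sorts before -h1
    return (major, minor), (maint, hotfix)

def triage(version):
    """Classify one version string against the fixed releases listed above."""
    try:
        branch, build = parse_version(version)
    except ValueError:
        return "unparseable"
    if branch not in FIXED:
        return "branch-not-listed"  # not covered by this page; check the advisory
    # Assumption: builds compare by (maintenance, hotfix) within one branch.
    return "at-or-above-listed-fix" if build >= FIXED[branch] else "below-listed-fix"

def triage_inventory(inventory):
    """Map {hostname: version} to {hostname: status}."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed inventory; hostnames are hypothetical.
SAMPLE = {
    "fw-edge-01": "11.1.4-h7",
    "fw-edge-02": "11.1.6-h1",
    "fw-dc-01": "10.2.13",
    "fw-dc-02": "10.1.14-h9",
    "fw-lab-01": "11.0.3",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:12} {status}")
```

Hosts reported as `below-listed-fix` are the ones to prioritise for upgrade and for restricting management interface access in the meantime.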