Source: Help Net Security
Author: Zeljka Zorz
URL: https://www.helpnetsecurity.com/2025/02/13/pan-os-authentication-bypass-palo-alto-networks-poc-cve-2025-0108/

ONE SENTENCE SUMMARY: Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2025-0108) in its firewalls, urging admins to update and restrict access.

MAIN POINTS:

- Palo Alto Networks fixed CVE-2025-0108, an authentication bypass flaw in its firewall management web interface.
- A proof-of-concept (PoC) exploit for the vulnerability has been publicly released.
- The flaw was discovered while analyzing patches for previously exploited vulnerabilities, CVE-2024-0012 and CVE-2024-9474.
- Exploiting CVE-2025-0108 allows invoking PHP scripts, affecting PAN-OS integrity and confidentiality.
- The vulnerability has been patched in PAN-OS versions 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, and 10.1.14-h9.
- Additional fixes include CVE-2025-0111 (authenticated file read) and CVE-2025-0109 (unauthenticated file deletion).
- Administrators are advised to disable management interface access from untrusted networks.
- Unexpected firewall reboots are due to a bug in PAN-OS 11.1.4-h7/h9, not an attack.
- A hotfix (11.1.4-h12) for the reboot issue was released with limited availability on January 31.
- Palo Alto Networks plans a general availability update (11.1.4-h13) by February 20.

TAKEAWAYS:

- Update to the latest PAN-OS versions to mitigate security risks.
- Restrict access to the management web interface from untrusted sources.
- No known malicious exploitation of CVE-2025-0108 has been reported.
- Administrators should be aware of unexpected reboots caused by a software bug, not an attack.
- Additional security patches have been released, addressing multiple vulnerabilities in PAN firewalls.