About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then “invoke certain PHP scripts”, compromising the integrity and confidentiality of PAN-OS. 😏
🔹 The vendor bulletin was released on February 12. On the same day, Assetnote posted a write-up on the vulnerability. The next day, a PoC exploit appeared on GitHub.
🔹 On February 18, GreyNoise reported that they had detected active exploitation attempts. According to Palo Alto, the vulnerability is being exploited alongside EoP CVE-2024-9474 and Authenticated File Read CVE-2025-0111 vulnerabilities. As a result, the attacker gains the ability to execute Linux commands on the device as root. 😱
Install updates and restrict access to administrative web interfaces! 😉
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.