Tag Archives: Assetnote

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability

Leave a reply

About Authentication Bypass - PAN-OS (CVE-2025-0108) vulnerability

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then “invoke certain PHP scripts”, compromising the integrity and confidentiality of PAN-OS. 😏

🔹 The vendor bulletin was released on February 12. On the same day, Assetnote posted a write-up on the vulnerability. The next day, a PoC exploit appeared on GitHub.

🔹 On February 18, GreyNoise reported that they had detected active exploitation attempts. According to Palo Alto, the vulnerability is being exploited alongside EoP CVE-2024-9474 and Authenticated File Read CVE-2025-0111 vulnerabilities. As a result, the attacker gains the ability to execute Linux commands on the device as root. 😱

Install updates and restrict access to administrative web interfaces! 😉

На русском

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

2 Replies

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of October I was a guest lecturer at MIPT/PhysTech university. But first thing first.

Alternative video link (for Russia): https://vk.com/video-149273431_456239138

Continue reading