Tag Archives: GreyNoise

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then “invoke certain PHP scripts”, compromising the integrity and confidentiality of PAN-OS. 😏

🔹 The vendor bulletin was released on February 12. On the same day, Assetnote posted a write-up on the vulnerability. The next day, a PoC exploit appeared on GitHub.

🔹 On February 18, GreyNoise reported that they had detected active exploitation attempts. According to Palo Alto, the vulnerability is being exploited alongside EoP CVE-2024-9474 and Authenticated File Read CVE-2025-0111 vulnerabilities. As a result, the attacker gains the ability to execute Linux commands on the device as root. 😱

Install updates and restrict access to administrative web interfaces! 😉

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: GreyNoise

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability