A Palo Alto Networks firewall vulnerability is under active exploitation.
In a recent security alert, Palo Alto Networks confirmed that attackers are exploiting CVE-2025-0108, a high severity vulnerability in the PAN-OS management web interface. This critical authentication bypass allows an unauthenticated attacker with network access to the management web interface to get past its authentication checks, potentially gaining unauthorized access.
The vulnerability impacts PAN-OS versions 10.1.0 through 10.1.14, and 10.2.0 through 10.2.13. Palo Alto Networks rates the vulnerability as high severity (CVSS 9.1 critical). To mitigate the risk of exploitation, the company has issued a fix for CVE-2025-0108 in the PAN-OS 11.1.4-h13 update released on June 30, 2025. Organizations are strongly advised to upgrade to the patched version as soon as possible.
While the current status and impact of CVE-2024-9478 remain unclear, the urgent attention given to CVE-2025-0108 highlights the need for timely patching and vigilance in network security. The discovery of malicious IPs by GreyNoise, a company that identifies malicious network activity, underscores the urgency of applying security updates for CVE-2025-0108: GreyNoise researchers have identified 25 unique IPs with malicious intent related to CVE-2025-0108.
The nature of CVE-2025-0108 also suggests that attackers may need to combine it with another exploit to achieve command execution. For instance, CVE-2024-0012, another vulnerability discovered by researchers from AssetNote, could allow attackers to tamper with device configuration and potentially exploit other authenticated privilege escalation bugs, such as CVE-2024-9474.
The complexity and persistence of the threat posed by CVE-2025-0108 are further highlighted by the discovery of suspicious behaviour by AssetNote in patched networks. This behaviour, not limited to the known vulnerabilities, underscores the need for continuous monitoring and vigilance in network security.
In response to these findings, Palo Alto Networks is urging all customers with internet-facing PAN-OS management interfaces to immediately apply the security updates released on Feb. 12, 2025. Organisations should also consult Palo Alto Networks’ official security advisories and the CISA Known Exploited Vulnerabilities catalog for the latest updates and ensure timely patching to prevent exploitation.
Shubham Shah, co-founder and CTO of AssetNote, emphasised the severity of the situation via email to Cybersecurity Dive, stating, "The discovery of malicious IPs by GreyNoise and the persistent behaviour we've observed in patched networks underscores the urgency of applying security updates for CVE-2025-0108."
As the threat landscape continues to evolve, it is essential for organisations to prioritise network security and stay informed about the latest vulnerabilities and threats. By applying timely patches and maintaining vigilance, organisations can help protect their networks from potential attacks.
1. To address the high-severity vulnerability CVE-2025-0108, organizations using Palo Alto Networks' PAN-OS should immediately apply the security updates and upgrade to the patched version, as the vulnerability is currently being exploited by attackers and is rated high severity (CVSS 9.1 critical).
2. The persistence of the threat posed by CVE-2025-0108, along with the discovery of malicious IPs by GreyNoise and suspicious behavior in patched networks, underlines the importance of continuous monitoring and vigilance, as well as the need for timely patching to prevent potential attacks.