CVE-2025-0108

Published Feb 12, 2025

Last updated 17 hours ago

Exploit knownCVSS high 8.8

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0108 is an authentication bypass vulnerability found in the web management interface of Palo Alto Networks' PAN-OS firewall software. This vulnerability allows unauthenticated network access to bypass authentication and execute certain PHP scripts on affected devices. While this flaw doesn't directly permit remote code execution, it can compromise the integrity and confidentiality of the PAN-OS system. This vulnerability has been actively exploited in the wild.

Description
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
Source
psirt@paloaltonetworks.com
NVD status
Modified

Insights

Analysis from the Intruder Security Team
Published Feb 13, 2025 Updated Feb 13, 2025

The mitigations that were put in place following the previous authentication bypass (CVE-2024-0012) were incomplete. The authentication step for the management panel can be abused to change the order of processing requests between various underlying technologies (apache, nginx, PHP), resulting in an auth bypass. AssetNote released a technical breakdown of this vulnerability.

Palo Alto have released patches for the vulnerability, details are available here

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Exploit added on
Feb 18, 2025
Exploit action due
Mar 11, 2025
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@paloaltonetworks.com
CWE-306
nvd@nist.gov
CWE-306

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

16

  1. Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. https://t.co/kBTdJnAFpQ

    @blackwired32799

    20 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Have you updated your PAN-OS firewall? A file read vulnerability (CVE-2025-0111) is being exploited in combination with two other vulnerabilities (CVE-2025-0108 and CVE-2024-9474) to gain root privileges on an unpatched PAN-OS firewall. https://t.co/6FBudk6COp

    @WRANCORP

    20 Feb 2025

    97 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  3. Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. https://t.co/I1DIMQtMwb #rhymtech #thinkcyberthinkrhym #rhymcyberupdates

    @Rhym_Tech

    20 Feb 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Palo Alto Networks warns that a new exploit chain is actively being used against unpatched PAN-OS firewalls. Attackers are chaining CVE-2025-0108, CVE-2024-9474, and CVE-2025-0111 to gain root access and steal sensitive data. Despite patches being available https://t.co/SUfubA5Ye

    @cyberbulletins

    20 Feb 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Palo Alto Networks warns of another firewall vulnerability under attack by hackers. The company updated its advisory on Tuesday to warn that the vulnerability tracked as CVE-2025-0108 is under active attack. https://t.co/SuQ8EAz6Pm https://t.co/C7eKWVl095

    @riskigy

    20 Feb 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two ot… #CyberSecurity ⁦@PaloAltoNtwks⁩ https://t.co/G9ajglJ2E7

    @1Ivango1

    20 Feb 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 High Security Vulnerability 🆔 CVE-2025-0108 💣 CVSS Score: 8.8 📅 Published Date: 25/02/12 ⚠️ Details: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the… htt

    @DarkWebInformer

    19 Feb 2025

    2609 Impressions

    2 Retweets

    19 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 **New PAN-OS Vulnerability Alert!** 🚨 CVE-2025-0108 is an **authentication bypass flaw** putting **Palo Alto firewalls** at risk! Hackers are **actively exploiting** it—don't wait to secure your system. Learn how to **patch & protect** now: 🔗 https://t.co/pw8lAKGKxO h

    @Yobitech_Cyber

    19 Feb 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Critical vulnerability (CVE-2025-0108) in Palo Alto Networks' PAN-OS allows attackers to bypass authentication. Affected versions should be patched immediately as exploitation attempts increase globally. 🌍 #PaloAlto #CISA #USA https://t.co/lwBSn8TcOK

    @4matic247

    19 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Concerned about Palo Alto Zero Day CVE-2025-0108? See how you can easily address and mitigate using the security features of Forward Enterprise, the award-winning network digital twin platform. Stay safe! #networksecurity #cybersecurity #CVE2025_0108 https://t.co/oyZUjjc5JA

    @FwdNetworks

    19 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  11. CISA has added two significant vulnerabilities affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. 🔴 CVE-2025-0108 (CVSS: 7.8): This is an authentication… http

    @cytexsmb

    19 Feb 2025

    236 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    3 Replies

    1 Quote

  12. Palo Alto Networks alerts of active exploits in PAN-OS firewalls affecting unpatched devices. CVE-2025-0111, CVE-2025-0108, and CVE-2024-9474 pose risks to sensitive data. #CISA #PaloAlto #USA link: https://t.co/BWFJjXMbtR https://t.co/fngIbmgBM5

    @TweetThreatNews

    19 Feb 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  13. 🚨 Critical vulnerability (CVE-2025-0108) in Palo Alto Networks' PAN-OS allows attackers to bypass authentication. Affected versions should be patched immediately as exploitation attempts increase globally. 🌍 #PaloAlto #CISA #USA link: https://t.co/yBhfs9XY8G https://t.co/cN0jv

    @TweetThreatNews

    19 Feb 2025

    85 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  14. Palo Alto Networks has reported active exploitation of vulnerabilities in its PAN-OS software, specifically CVE-2024-9474 (6.9-rated) and CVE-2025-0108 (8.8-rated), which, when chained with CVE-2025-0111 (7. https://t.co/8s67C36hqT

    @securityRSS

    19 Feb 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-0108 Palo Alto Networks #PAN-OS Authentication Bypass Vulnerability https://t.co/1y7fJwOQZI

    @ScyScan

    19 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  16. #CISA has added the latest #PaloAlto CVE-2025-0108 to its list of the Known Exploited Vulnerabilities (KEV). We already have a module ready in the OWASP Nettacker project to detect this CVE, will be pushing the next release very soon: https://t.co/AvxiaEazu5

    @securestep9

    19 Feb 2025

    78 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. La CISA avertit de plusieurs attaques exploitant une faille critique sur des équipements Palo Alto fonctionnant sous PAN-OS (CVE-2025-0108) https://t.co/sFFVB9NaMz

    @cert_ist

    19 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. پالو آلتو نتورکس از وجود یک آسیب‌پذیری دیگر در دیوار آتش در حال حمله توسط هکرها هشدار می‌دهد 🚨🔒 🚨 هشدار امنیتی 🚨 شرکت Palo Alto Networks هشدار داده است که هکرها از آسیب‌پذیری CVE-2025-0108 در سیستم‌عامل PAN-OS برای نفوذ به شبکه‌ها استفاده می‌ک... https://t.co/cOoqUotCiU

    @Techcrunchfarsi

    19 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🧐 VulnWatch Wednesday: CVE-2025-0108 🔓 CISA has added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. https://t.co/5fNINv8V3F

    @kpoireault

    19 Feb 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2025-0108

    @transilienceai

    19 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. 🚨 Palo Alto Firewall Vulnerability Actively Exploited in the Wild | More Details: https://t.co/rwo90EkQ0v 👉 CISA has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the… http

    @The_Cyber_News

    19 Feb 2025

    401 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. 🚨Critical vulnerabilities in Palo Alto Networks PAN-OS (CVE-2025-0108) & SonicWall SonicOS SSLVPN (CVE-2024-53704) are being actively exploited! ⚠️ Exploits traced to U.S., Germany & Netherlands ⚠️ Patch NOW before it’s too late! #CyberSecurity #CISA https://t.co/3sO307

    @syberintel

    19 Feb 2025

    53 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 【リンク集:2月18日〜19日のセキュリティ関連ニュース/記事】 <脆弱性> ・パロアルトネットワークス、ファイアウォール製品における脆弱性の悪用を確認(CVE-2025-0108) https://t.co/Muuk5Rxuce ・OpenSSHに複数の欠陥、中間者攻撃とDoS攻撃が可能に —… https://t.co/C2H4lDdH1d

    @MachinaRecord

    19 Feb 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 Two critical vulnerabilities in Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN are actively exploited, now added to CISA's KEV catalog. CVE-2025-0108 allows unauthenticated attackers to bypass PAN-OS security, while CVE-2024-53704 compromises SSLVPN authentication.… h

    @TheHackersNews

    19 Feb 2025

    38323 Impressions

    48 Retweets

    108 Likes

    15 Bookmarks

    6 Replies

    2 Quotes

  25. 🚨 [URGENT – HIGHEST PRIORITY] @PaloAltoNtwks Palo Alto Networks Confirms Active Exploits Chaining CVE-2025-0108, CVE-2024-9474 & CVE-2025-0111 PAN-OS Firewalls – IMMEDIATE ACTION REQUIRED! 🚨 Palo Alto Networks has updated its advisory, confirming that CVE-2025-0108 – an…

    @L8on_Hargrave

    19 Feb 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🔥 New PoC released: CVE-2025-0108 - Palo Alto Networks PAN-OS authentication bypass vulnerability detection tool[1][2]. Use responsibly for security research only! #CyberSecurity #InfoSec #PaloAlto https://t.co/91YEM07twl

    @lucasverdan

    18 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🛡️ We added Palo Alto PAN-OS, CVE-2025-0108 & SonicWall SonicOS, CVE-2024-53704 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/cucCemLnWZ

    @CISACyber

    18 Feb 2025

    11451 Impressions

    42 Retweets

    79 Likes

    10 Bookmarks

    1 Reply

    4 Quotes

  28. 🚨 Palo Alto Networks confirms CVE-2025-0108 vulnerability is being exploited, allowing unauthorized access to PAN-OS management. Over 30 unique IPs reported attempting exploitation. 💻🔒 #PaloAlto #NetworkVulnerability #Australia link: https://t.co/nhiC5Vm5lA https://t.co/TD2av

    @TweetThreatNews

    18 Feb 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. High-Severity Palo Alto Networks Vulnerability (CVE-2025-0108) Discovered! https://t.co/V6i5ZXcH6V #CyberSecurity #PaloAlto #Vulnerability #CVE20250108 #EthicalHacking #InfoSec #NetworkSecurity #Stratosally #News #Cybernews #Latestnews

    @InfoStratosally

    18 Feb 2025

    59 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Exploring the Authentication Bypass in Palo Alto Networks PAN-OS - CVE-2025-0108 https://t.co/DL0yzwUuJO #cve20250108 #paloaltonetworks #panos #cybersecurity #authenticationbypass #vulnerabilitymanagement #infosecurity #networksecurity #threatintelligence #patchmanagement

    @DefendOpsHQ

    18 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Actively exploited CVE : CVE-2025-0108

    @transilienceai

    18 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. https://t.co/ZgJVXWkFZL #PaloAltoNetworks #Vulnerability #ENETechnologyServicesGlendora

    @enetechnologys2

    17 Feb 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. Palo Alto Networks urges admins to upgrade firewalls. https://t.co/yzYG8qU4D4 https://t.co/886xawkeCK

    @riskigy

    17 Feb 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Atenção, administradores! Vulnerabilidade crítica encontrada no PAN-OS (CVE-2025-0108) permite que atacantes contornem autenticações e acessem scripts restritos. Atualize para as versões recomendadas e proteja sua rede. A vulnerabilidade já está sendo explorada ativamente!

    @IncursioHack

    17 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Palo Alto NetworksのPAN-OSの脆弱性が認証バイパスに悪用される(CVE-2025-0108) #セキュリティ対策Lab #セキュリティ https://t.co/y9gDdqrHCI

    @securityLab_jp

    17 Feb 2025

    24 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 皆さんは、最近ハマっている脆弱性って何ですか?おすすめの脆弱性やexploitがあれば教えてください! 個人的にはPAN-OS機器の管理画面の認証回避 CVE-2025-0108のexploitにはまっています。

    @lumin

    17 Feb 2025

    3405 Impressions

    10 Retweets

    31 Likes

    6 Bookmarks

    2 Replies

    1 Quote

  37. Actively exploited CVE : CVE-2025-0108

    @transilienceai

    17 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Actively exploited CVE : CVE-2025-0108

    @transilienceai

    16 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. GitHub - iSee857/CVE-2025-0108-PoC: Palo Alto Networks PAN-OS 身份验证绕过漏洞批量检测脚本(CVE-2025-0108) https://t.co/qVTBFucheN

    @akaclandestine

    16 Feb 2025

    4124 Impressions

    34 Retweets

    75 Likes

    30 Bookmarks

    0 Replies

    0 Quotes

  40. Actively exploited CVE : CVE-2025-0108

    @transilienceai

    15 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. 🚨 Palo Alto Networks Fixes Critical PAN-#OS Vulnerabilities Including Authentication Bypass (#CVE-2025-0108) https://t.co/KuNbEnhJZN

    @UndercodeUpdate

    15 Feb 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Hackers exploit a critical vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, allowing unauthenticated access. Over 4,400 devices are exposed. Immediate upgrades are crucial. 💻🔒 #PanOS #CyberThreat #USA link: https://t.co/e9PDaVUEVR https://t.co/Xkcnwqs3eR

    @TweetThreatNews

    15 Feb 2025

    50 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Hackers are targeting Palo Alto Networks PAN-OS firewalls by leveraging a newly patched vulnerability, identified as CVE-2025-0108, that permits authentication bypass. This high-severity vulnerability affects the PAN-OS management web interface, enabling attackers without… https

    @iGuardPro

    15 Feb 2025

    201 Impressions

    2 Retweets

    8 Likes

    0 Bookmarks

    6 Replies

    0 Quotes

  44. محققان یک آسیب‌پذیری در سیستم‌عامل PAN-OS (CVE-2025-0108) شناسایی کرده‌اند که به مهاجمان اجازه می‌دهد احراز هویت را دور بزنند. این نقص ناشی از تفاوت در پردازش مسیرها و هدرهای درخواست بین Nginx و Apache است و به مهاجم امکان دسترسی بدون احراز هویت به رابط مدیریت را می‌دهد. https://

    @techbox_ir

    15 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. #cybersecurity https://t.co/a3fEMjc9ZB

    @cybertzar

    15 Feb 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Palo Alto, Découvertes de Vulnérabilités critiques dans la gestion des politiques de sécurité. Score CVSS 9.8 (Critique) de La faille CVE-2025-0108 https://t.co/SDgoi04nbB #.Code Arbitraire à Distance #.Confidentialité #.Correctif #.Faille #.Intégrité des données #CERT

    @NicolasCoolman

    15 Feb 2025

    33 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Actively exploited CVE : CVE-2025-0108

    @transilienceai

    15 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  48. 🛡️ ¿Tu empresa usa firewalls Palo Alto Networks? ATACANTES pueden ENTRAR sin autenticación Si usas firewalls de Palo Alto Networks, podrías estar en la mira de un ciberataque. Una vulnerabilidad crítica (CVE-2025-0108) permite que atacantes superar la autenticación y accedan

    @CycuraMX

    14 Feb 2025

    176 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Ataques contra los firewalls PAN-OS de Palo Alto Networks explotan una vulnerabilidad recientemente corregida (CVE-2025-0108) que permite eludir la autenticación. El problema permite evitar la autenticación e invocar ciertos scripts PHP, comprometiendo la seguridad. 🧉 https://

    @MarquisioX

    14 Feb 2025

    26 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. ⚠️ Vulnerability Alert: Palo Alto Networks Firewall Zero-Day Authentication Bypass 📅 Timeline: Disclosure: 2025-02-12, Patch: 2025-02-13 📌 Attribution: Assetnote Security Research Team, GreyNoise 🆔cveId: CVE-2025-0108 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/cBlFMEffip

    @syedaquib77

    14 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References