In February 2025, a critical security vulnerability, CVE-2025-0108, was identified in Palo Alto Networks’ PAN-OS software, which powers the company’s firewall devices. This flaw allows unauthenticated attackers with network access to the management web interface to bypass authentication and invoke specific PHP scripts. Invoking these scripts does not permit remote code execution, but it can compromise the integrity and confidentiality of the system.
Affected Versions:
• PAN-OS 11.2 versions prior to 11.2.4-h4
• PAN-OS 11.1 versions prior to 11.1.6-h1
• PAN-OS 10.2 versions prior to 10.2.13-h3
• PAN-OS 10.1 versions prior to 10.1.14-h9
Notably, PAN-OS 11.0 has reached its end-of-life (EoL) as of November 17, 2024, and is no longer supported.
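The version thresholds above can be checked across a firewall inventory with a short script. The following is an added example, not code from Palo Alto Networks. The hostnames and sample versions are constructed, and it assumes a plain ordered comparison within each branch, so any additional fixed hotfix builds that the vendor advisory may list are not modelled.

```python
import re

# Fixed releases per branch, copied from the list above: (maintenance, hotfix).
FIXED = {
    (11, 2): (4, 4),    # 11.2.4-h4
    (11, 1): (6, 1),    # 11.1.6-h1
    (10, 2): (13, 3),   # 10.2.13-h3
    (10, 1): (14, 9),   # 10.1.14-h9
}
EOL_BRANCHES = {(11, 0)}  # end-of-life per the note above, no fix to compare against

# Matches "11.1.6" or "11.1.6-h1"; other suffixes are treated as unparseable.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return ((major, minor), (maintenance, hotfix)) or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, maint, hotfix = m.groups()
    # A release without "-hN" sorts before every hotfix of the same release.
    return (int(major), int(minor)), (int(maint), int(hotfix or 0))


def classify(version):
    """Classify one PAN-OS version string against the thresholds above."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    branch, build = parsed
    if branch in EOL_BRANCHES:
        return "eol"
    if branch not in FIXED:
        return "unknown"          # branch not covered by the list on this page
    # Numeric tuple comparison, so h10 correctly sorts after h9.
    return "patched" if build >= FIXED[branch] else "vulnerable"


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"fw-edge-01": "11.1.6", "fw-dc-02": "10.2.13-h3",
              "fw-lab-03": "11.0.4", "fw-branch-04": "10.1.14-h8"}
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```

Devices reported as "eol" or "unknown" need manual review, since the list above gives no fixed release to compare them against.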
Active Exploitation:
Shortly after the vulnerability’s disclosure, threat actors began exploiting it in the wild. Security researchers observed attempts to chain CVE-2025-0108 with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111, to gain unauthorized access to unpatched and unsecured PAN-OS web management interfaces.
Mitigation Steps:
To protect your systems from potential exploitation:
1. Immediate Updates: Upgrade PAN-OS to the latest patched versions:
   • For PAN-OS 11.2, update to 11.2.4-h4 or later.
   • For PAN-OS 11.1, update to 11.1.6-h1 or later.
   • For PAN-OS 10.2, update to 10.2.13-h3 or later.
   • For PAN-OS 10.1, update to 10.1.14-h9 or later.
2. Restrict Management Interface Access: Ensure that the management web interface is accessible only from trusted internal IP addresses. Avoid exposing it to the internet or untrusted networks.
3. Follow Best Practices: Adhere to Palo Alto Networks’ critical deployment guidelines to secure your management interfaces effectively.
Conclusion:
The discovery and active exploitation of CVE-2025-0108 underscore the importance of promptly addressing security vulnerabilities. Organizations utilizing Palo Alto Networks’ firewalls should act swiftly to apply the necessary updates and implement recommended security measures to safeguard their systems against potential threats.
For detailed information and updates, refer to Palo Alto Networks’ official security advisory.