
Palo Alto Networks PAN-OS Vulnerability Under Active Exploitation

Palo Alto Networks has identified active exploitation of a critical authentication bypass vulnerability in its PAN-OS firewalls, tracked as CVE-2025-0108. The flaw has a severity score of 8.8 out of 10 and affects multiple versions of the firewall software.

The company released a patch for the vulnerability on February 12, 2025, recommending users upgrade to the following versions:

  • 11.2.4-h4 or later
  • 11.1.6-h1 or later
  • 10.2.13-h3 or later
  • 10.1.14-h9 or later

Exploitation attempts began within a day of the patch release, with security researchers from GreyNoise reporting multiple attacks targeting unpatched endpoints. The vulnerability impacts the PAN-OS management web interface, allowing attackers to execute PHP scripts, which can lead to sensitive data exfiltration and firewall configuration tampering.

Research indicates that over 4,400 devices may be at risk. To mitigate potential threats, users are advised to apply the patch immediately and restrict access to the management interface.
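To act on the upgrade advice, the added example below (not from Palo Alto Networks or the original article) triages an inventory of PAN-OS version strings against the fixed releases listed above. It assumes versions follow the `major.minor.maintenance[-hN]` form seen in that list; the hostnames and sample versions are constructed.

```python
import re

# Fixed releases per branch, copied from the list above.
FIXED = ["11.2.4-h4", "11.1.6-h1", "10.2.13-h3", "10.1.14-h9"]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Return (major, minor, maintenance, hotfix) or None if unparsable."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, maint, hotfix = m.groups()
    # A release without a -hN suffix sorts before any hotfix of that release.
    return (int(major), int(minor), int(maint), int(hotfix or 0))

# Map each branch (major, minor) to its minimum fixed version tuple.
FIXED_BY_BRANCH = {parse(v)[:2]: parse(v) for v in FIXED}

def classify(version):
    """Return 'fixed', 'needs_upgrade', or 'unknown' for one version string."""
    parsed = parse(version)
    if parsed is None:
        return "unknown"      # format not recognised, review manually
    minimum = FIXED_BY_BRANCH.get(parsed[:2])
    if minimum is None:
        return "unknown"      # branch is not in the list above
    # Tuple comparison is numeric, so -h11 correctly sorts after -h9.
    return "fixed" if parsed >= minimum else "needs_upgrade"

def triage(inventory):
    """Group a {hostname: version} mapping into lists keyed by status."""
    result = {"fixed": [], "needs_upgrade": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = {
        "fw-branch-01": "10.2.13-h2",
        "fw-branch-02": "10.2.13-h3",
        "fw-hq-01": "11.2.4",
        "fw-hq-02": "11.2.5",
        "fw-lab-01": "11.0.3",
        "fw-dr-01": "10.1.14-h11",
    }
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as `unknown` run a branch or version format the list above does not cover and need to be checked against the vendor advisory directly.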

Small to medium-sized businesses (SMBs) are particularly vulnerable due to typically weaker security configurations and outdated firmware. Such conditions make these firewalls attractive targets for threat actors seeking to bypass network defenses and gain deeper access to internal systems.

For more information, visit the original article on TechRadar.