Authentication Bypass in Palo Alto Networks PAN-OS Software
CVE-2025-0108

5.9 MEDIUM

Key Information:

Vendor: Palo Alto Networks
CVE Published: 12 February 2025

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 16,300 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 93% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-0108?

CVE-2025-0108 is a significant security vulnerability found in Palo Alto Networks' PAN-OS software, which is primarily used for network security management in various enterprise environments. This vulnerability allows unauthenticated attackers with network access to the management web interface to bypass standard authentication mechanisms, potentially allowing them to invoke specific PHP scripts. While this flaw does not enable remote code execution, it poses serious risks to the integrity and confidentiality of the systems using PAN-OS, making organizations vulnerable to unauthorized access and manipulation.

Technical Details

The vulnerability is an authentication bypass in the PAN-OS management web interface. It affects appliances running PAN-OS, the operating system that manages firewall functionality and other security features on Palo Alto Networks devices. By bypassing authentication, an attacker with network access to the management interface can interact with management functionality without valid credentials. This underlines the need to restrict access to the management interface, since the flaw can be used as a step toward elevated access on vulnerable systems.

Potential Impact of CVE-2025-0108

  1. Data Integrity Risks: The vulnerability allows unauthorized access to management features, which can compromise the integrity of security policies and data stored within the PAN-OS system. Attackers could manipulate configurations, leading to unauthorized changes in network security settings.

  2. Confidentiality Breach: Since the vulnerability exposes a pathway to access sensitive management functions, it may lead to unauthorized viewing or extraction of confidential information managed by PAN-OS, putting organizational data at risk.

  3. Increased Attack Surface: With the ability to bypass authentication, the potential for malicious actors to conduct further attacks increases. Attackers could explore additional vulnerabilities within the network infrastructure, leading to a cascade of security breaches and further exploitation.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

PAN-OS 10.1.0 < 10.1.14-h9

PAN-OS 10.2.0 < 10.2.7-h24

PAN-OS 11.1.0 < 11.1.6-h1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Palo Alto Networks vulnerabilities exploited in chained attack | Te...

Palo Alto Networks updated advisories for vulnerabilities CVE-2025-0111 and CVE-2025-0108 to warn customers of an exploit chain being used in attacks.

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls

Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.

SonicWall, Palo Alto Networks flaws under attack, added to CISA list

The critical SonicOS SSLVPN flaw and high-severity PAN-OS flaw both risk authentication bypass.

References

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 💰 Used in Ransomware

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 🦅 CISA Reported

  • 📈 Vulnerability started trending

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by WJBF

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adam Kues - Assetnote Security Research Team
Our Deep Product Security Research Team