
Threat Alert: Palo Alto Network Authentication Bypass Exploit


INFORMATIONAL ONLY

Palo Alto Networks has released security updates to address a high-severity vulnerability in its PAN-OS software, identified as CVE-2025-0108, with a CVSS score of 7.8. This flaw allows an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke certain PHP scripts, potentially compromising the integrity and confidentiality of the system.

The affected PAN-OS versions are:

  • 11.2 versions prior to 11.2.4-h4
  • 11.1 versions prior to 11.1.6-h1
  • 10.2 versions prior to 10.2.13-h3
  • 10.1 versions prior to 10.1.14-h9

Recommendations:

Users of PAN-OS 11.0 should upgrade to a supported version, as it reached end-of-life on November 17, 2024.
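The version thresholds above can be turned into an inventory check. The following is an added example, not code from Palo Alto Networks or Quadrant; it assumes version strings of the form `major.minor.maintenance[-hN]`, uses only the thresholds listed in this alert, and the hostnames and versions in the sample inventory are constructed.

```python
import re

# First fixed release per train for CVE-2025-0108, as listed in this alert:
# (major, minor) -> (maintenance, hotfix)
FIXED = {
    (11, 2): (4, 4),    # 11.2.4-h4
    (11, 1): (6, 1),    # 11.1.6-h1
    (10, 2): (13, 3),   # 10.2.13-h3
    (10, 1): (14, 9),   # 10.1.14-h9
}
EOL_TRAINS = {(11, 0)}  # 11.0 reached end-of-life on November 17, 2024

# Assumed format: major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Split a PAN-OS version into (train, build) tuples for comparison."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    # A release without a hotfix suffix sorts before any -hN of the same build.
    return (int(major), int(minor)), (int(maint), int(hotfix or 0))


def assess(version):
    """Return 'affected', 'fixed', 'eol', or 'unlisted' for one version."""
    train, build = parse(version)
    if train in EOL_TRAINS:
        return "eol"        # no fix listed; upgrade to a supported version
    if train not in FIXED:
        return "unlisted"   # train not covered by this alert; check the vendor advisory
    return "affected" if build < FIXED[train] else "fixed"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "fw-edge-01": "11.2.4-h1",
    "fw-edge-02": "11.1.6-h1",
    "fw-dc-01": "10.2.13",
    "fw-lab-01": "11.0.6",
}


def triage(inventory):
    """Map each host to its assessment so affected and EOL devices stand out."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:12} {status}")
```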

Additionally, two other vulnerabilities have been patched:

  • CVE-2025-0109: An unauthenticated file deletion vulnerability in the management web interface.
  • CVE-2025-0110: A command injection vulnerability in the PAN-OS OpenConfig plugin.

To mitigate these risks, it is recommended to update to the latest PAN-OS versions and restrict access to the management interface from untrusted networks. If the OpenConfig plugin is not in use, consider disabling or uninstalling it.


WHAT QUADRANT IS DOING FOR OUR CLIENTS:

Our team of Threat Analysts and Detection Engineers has updated our detections and will continue monitoring for these threat signatures.
