Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing attackers to bypass authentication on the management web interface.
With a CVSS score of 7.8 (HIGH), the flaw has been flagged as a significant security issue for organizations using vulnerable versions of PAN-OS.
The vulnerability stems from a lack of proper authentication enforcement in the PAN-OS management web interface.
Exploiting this issue, unauthenticated attackers with network access could invoke specific PHP scripts without authorization.
While remote code execution (RCE) is not possible through this flaw, attackers could compromise the integrity and confidentiality of the PAN-OS device.
Palo Alto Networks notes that this vulnerability does not affect the company's Cloud NGFW or Prisma Access products.
The issue is particularly significant for organizations that allow access to the management interface from untrusted networks or the internet.
Attackers leveraging this flaw do not require elevated privileges or user interaction, making exploitation straightforward.
The flaw is classified under CWE-306 (Missing Authentication for Critical Function) and CAPEC-115 (Authentication Bypass), underscoring its critical nature.
Palo Alto Networks has confirmed no known instances of malicious exploitation of this vulnerability.
Affected PAN-OS Versions
| PAN-OS Version | Affected | Fixed |
|---|---|---|
| PAN-OS 11.2 | < 11.2.4-h4 | >= 11.2.4-h4 |
| PAN-OS 11.1 | < 11.1.6-h1 | >= 11.1.6-h1 |
| PAN-OS 10.2 | < 10.2.13-h3 | >= 10.2.13-h3 |
| PAN-OS 10.1 | < 10.1.14-h9 | >= 10.1.14-h9 |
| PAN-OS 11.0 | End-of-Life (EoL) | No fixes planned |
Palo Alto Networks strongly advises customers to upgrade to the fixed versions listed above to mitigate the vulnerability.
For immediate mitigation, organizations can limit management interface access to trusted internal IP addresses by following Palo Alto’s best practices for securing administrative access.
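As an added example (not a Palo Alto Networks tool, and not part of the original advisory), the script below turns the fixed-version table above and the exposure guidance into a triage check for a firewall inventory. It parses PAN-OS version strings of the form MAJOR.MINOR.PATCH[-hN], compares each device against the fixed release for its train (treating 11.0 as EoL with no fix, as the table states), and ranks devices whose management interface is reachable from untrusted networks first. The inventory entries, the `Firewall` record and the priority labels are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Fixed releases per PAN-OS train, copied from the advisory table on this page.
FIXED_VERSIONS = {
    (11, 2): "11.2.4-h4",
    (11, 1): "11.1.6-h1",
    (10, 2): "10.2.13-h3",
    (10, 1): "10.1.14-h9",
}
# Train the page lists as End-of-Life with no fix planned.
EOL_TRAINS = {(11, 0)}

# PAN-OS versions look like 10.2.13 or 10.2.13-h3 (hotfix suffix optional).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Return (major, minor, patch, hotfix); a missing hotfix counts as 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def assess(version: str) -> str:
    """Classify one version against the advisory table.

    Returns 'fixed', 'vulnerable', 'eol-no-fix', or 'not-listed' (a train the
    page's table does not mention; verify against the vendor advisory).
    """
    v = parse_version(version)
    train = v[:2]
    if train in EOL_TRAINS:
        return "eol-no-fix"
    fixed = FIXED_VERSIONS.get(train)
    if fixed is None:
        return "not-listed"
    # Tuple comparison handles the hotfix: 11.2.4 (h0) sorts below 11.2.4-h4.
    return "fixed" if v >= parse_version(fixed) else "vulnerable"


@dataclass
class Firewall:
    # Hypothetical inventory record; field names are this example's own.
    name: str
    version: str
    mgmt_reachable_from_untrusted: bool


def priority(fw: Firewall) -> str:
    """Map assessment plus management-interface exposure to an action label."""
    status = assess(fw.version)
    if status == "fixed":
        return "ok"
    if status == "not-listed":
        return "verify"
    # Vulnerable or EoL: exposure of the management interface decides urgency.
    if fw.mgmt_reachable_from_untrusted:
        return "urgent: restrict mgmt access and upgrade"
    return "schedule upgrade"


def triage(inventory: list[Firewall]) -> dict[str, str]:
    """Return {device name: action} with urgent devices first."""
    ranked = sorted(inventory, key=lambda fw: not priority(fw).startswith("urgent"))
    return {fw.name: priority(fw) for fw in ranked}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Firewall("fw-edge-01", "11.2.3", True),
    Firewall("fw-core-02", "10.2.13-h3", False),
    Firewall("fw-lab-03", "11.0.4", False),
    Firewall("fw-dc-04", "10.1.14-h10", True),
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {action}")
```

The comparison treats a version with no `-hN` suffix as hotfix 0, so `11.2.4` is still reported vulnerable while `11.2.4-h4` and anything later in the train is reported fixed; a train absent from the page's table is returned as `not-listed` rather than guessed.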
Palo Alto Networks customers can view potentially exposed assets on the Customer Support Portal under the “Remediation Required” section.
By promptly addressing this issue, organizations can reduce the risk of exploitation and maintain the security of their critical network infrastructure.