Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing attackers to bypass authentication on the management web interface.
With a CVSS score of 7.8 (HIGH), the flaw has been flagged as a significant security issue for organizations using vulnerable versions of PAN-OS.
The vulnerability stems from a lack of proper authentication enforcement in the PAN-OS management web interface.
Exploiting this issue, unauthenticated attackers with network access could invoke specific PHP scripts without authorization.
While remote code execution (RCE) is not possible through this flaw, attackers could impact the integrity and confidentiality of the PAN-OS device.
However, Palo Alto Networks emphasizes that this vulnerability does not affect the company’s Cloud NGFW or Prisma Access products.
The issue is particularly significant for organizations that allow access to the management interface from untrusted networks or the internet.
Attackers leveraging this flaw do not require elevated privileges or user interaction, making exploitation straightforward.
The flaw is classified under CWE-306 (Missing Authentication for Critical Function) and CAPEC-115 (Authentication Bypass), underscoring its critical nature.
Palo Alto Networks has confirmed no known instances of malicious exploitation of this vulnerability.
Affected PAN-OS Versions
| PAN-OS Version | Affected | Fixed |
| PAN-OS 11.2 | < 11.2.4-h4 | >= 11.2.4-h4 |
| PAN-OS 11.1 | < 11.1.6-h1 | >= 11.1.6-h1 |
| PAN-OS 10.2 | < 10.2.13-h3 | >= 10.2.13-h3 |
| PAN-OS 10.1 | < 10.1.14-h9 | >= 10.1.14-h9 |
| PAN-OS 11.0 | End-of-Life (EoL) | No fixes planned |
Palo Alto Networks strongly advises customers to upgrade to the fixed versions listed above to mitigate the vulnerability.
For immediate mitigation, organizations can limit management interface access to trusted internal IP addresses by following Palo Alto’s best practices for securing administrative access.
Palo Alto Networks customers can view potentially exposed assets on the Customer Support Portal under the “Remediation Required” section.
By promptly addressing this issue, organizations can reduce the risk of exploitation and maintain the security of their critical network infrastructure.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both…
Amazon Web Services' Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that…
A recent alert from the Akamai Security Intelligence and Response Team (SIRT) has highlighted the…
Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software…
The increasing popularity of generative artificial intelligence (GenAI) tools, such as OpenAI’s ChatGPT and Google’s…
Microsoft researchers have uncovered a surprisingly straightforward method that can bypass safety guardrails in most…