PT-2025-6473 · Palo Alto Networks · Pan-Os

Adam Kues · Published 2025-02-12 · Updated 2026-05-24 · CVE-2025-0108

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS (affected versions not specified)

Description: An authentication bypass in the management web interface allows an unauthenticated attacker with network access to bypass required authentication and invoke specific PHP scripts. This issue stems from path confusion between Nginx and Apache. While it does not enable remote code execution, it can negatively impact the integrity and confidentiality of the system, allowing attackers to extract sensitive system data, recover firewall configurations, or manipulate certain settings. Approximately 4,400 devices have been identified as exposing their management interface to the internet, and active exploitation has been observed since February 13.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict access to the management web interface to only trusted internal IP addresses.

Tags: Exploit · DoS · RCE · Missing Authentication


Weakness Enumeration

Related Identifiers

BDU:2025-01567
CVE-2025-0108
PANOS_CVE2025_0108
PROFTPCVE_2010_20103

Affected Products

Pan-Os