CVE-2025-0108

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions prior to the fix released on February 13, 2025

Description An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS, allowing an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke certain PHP scripts. While invoking these scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS. This vulnerability is actively exploited in the wild, with over 25 malicious IPs observed attempting exploitation. The vulnerability is due to a path confusion issue between Nginx and Apache. A proof-of-concept exploit is publicly available. Over 2.3 million services are potentially exposed.

The vulnerability allows attackers to bypass authentication on the management web interface. The exploitation of this vulnerability has been observed, and a proof-of-concept exploit is available.

Recommendations Update your PAN-OS instance to the latest version released on February 13, 2025, or later. Restrict access to the PAN-OS management interface to only trusted internal IP addresses. If the OpenConfig Plugin is not needed, disable or uninstall it.