PT-2025-6473 · Palo Alto Networks · Pan-Os

Adam Kues · Published 2025-02-12 · Updated 2025-10-10 · CVE-2025-0108

CVSS v4.0: 8.8
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks PAN-OS (affected versions not specified)

Description

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by that interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS. The vulnerability is being actively exploited, with over 30 unique IPs reported attempting exploitation. It is estimated that over 4,400 devices are exposed, mainly in the US, Germany, and the Netherlands.

Recommendations

To resolve the issue, update the OpenConfig Plugin to version 2.1.2 or later on all PAN-OS firewalls immediately. If the OpenConfig Plugin is not needed, disable or uninstall it from PAN-OS. Restrict access to the PAN-OS management interface by allowing only trusted network addresses.

Exploit

Fix

RCE

DoS

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-01567
CVE-2025-0108
PANOS_CVE2025_0108

Affected Products

Pan-Os