CVE-2025-0108

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions prior to the fix released on February 13, 2025

Description An authentication bypass vulnerability exists in the management web interface of Palo Alto Networks PAN-OS. This allows an unauthenticated attacker with network access to bypass authentication and invoke certain PHP scripts. While invoking these scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of the system. Active exploitation of this vulnerability has been observed, with over 3,500 interfaces exposed and 25 malicious IPs attempting exploitation. The vulnerability is due to a path confusion issue between Nginx and Apache.

Recommendations Update Palo Alto Networks PAN-OS to the latest version released on February 13, 2025, or later. Restrict access to the PAN-OS management interface to only trusted internal IP addresses. If the OpenConfig Plugin is not needed, disable or uninstall it.