CVE-2025-0108

CRITICAL CISA KEV

Published Feb 12, 2025 Modified Nov 4, 2025 CWE-306

Description

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Feb 18, 2025 Remediation due: Mar 11, 2025

Weakness Type (CWE)

CWE-306 Missing Authentication

Affected Products

Vendor	Product	Versions
paloaltonetworks	pan-os	10.1.0 — 10.1.14
paloaltonetworks	pan-os	10.2.0 — 10.2.7
paloaltonetworks	pan-os	11.1.0 — 11.1.2
paloaltonetworks	pan-os	11.2.0 — 11.2.4
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All
paloaltonetworks	pan-os	All

References

Advisories & Patches

https://security.paloaltonetworks.com/CVE-2025-0108

Exploits

https://security.paloaltonetworks.com/CVE-2025-0108 https://github.com/iSee857/CVE-2025-0108-PoC https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/

Other References

https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/ https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/ https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108

Frequently Asked Questions

What is CVE-2025-0108? +

How severe is CVE-2025-0108? +

CVE-2025-0108 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2025-0108? +

CVE-2025-0108 affects products from paloaltonetworks, specifically: pan-os. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-0108? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-6369

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to …

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring …

CVE-2026-5749

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT …

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR …

CVE-2024-45483

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical …

CVE-2024-54013

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that …