
Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged
2025-02-16 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation.

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)
Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its …


News URL

https://www.helpnetsecurity.com/2025/02/16/week-in-review-microsoft-fixes-two-actively-exploited-0-days-pan-os-auth-bypass-hole-plugged/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-02-12 | CVE-2025-0108 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os | An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. | network | low complexity | paloaltonetworks | CWE-306 | critical 9.1 |
| 2025-02-11 | CVE-2025-21418 | Unspecified vulnerability in Microsoft products | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | local | low complexity | microsoft | | 7.8 |
| 2025-02-11 | CVE-2025-21391 | Unspecified vulnerability in Microsoft products | Windows Storage Elevation of Privilege Vulnerability | local | low complexity | microsoft | | 7.1 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Microsoft | | 380 | 51 | 1407 | 2901 | 174 | 4533 |