Security News > 2025 > February > Attackers are chaining flaws to breach Palo Alto Networks firewalls

Attackers are chaining flaws to breach Palo Alto Networks firewalls
2025-02-19 08:50

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the threat intelligence company shared on Tuesday. “This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems.” CVE-2025-0108 + CVE-2024-9474 and/or CVE-2025-0111 Palo Alto Networks has updated the … More → The post Attackers are chaining flaws to breach Palo Alto Networks firewalls appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/02/19/palo-alto-networks-firewalls-cve-2025-0108-cve-2024-9474-cve-2025-0111/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-02-12 CVE-2025-0111 An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
0.0
2025-02-12 CVE-2025-0108 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts.
network
low complexity
paloaltonetworks CWE-306
critical
9.1
2024-11-18 CVE-2024-9474 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-78
7.2