Palo Alto confirms PAN-OS vulnerability CVE-2025-0108 actively exploited
Take action: If you are running Palo Alto Networks, make sure the management interface is isolated from the internet and accessible only from trusted networks RIGHT NOW! Then plan a patch, because even trusted endpoints and networks can be compromised.
Palo Alto Networks has confirmed active exploitation of the authentication bypass vulnerability (CVE-2025-0108) affecting their PAN-OS firewall operating system.
Threat actors are actively exploiting the vulnerability using a publicly available proof-of-concept exploit. Attackers are chaining CVE-2025-0108 with CVE-2024-9474 (a previous zero-day) against unpatched systems.
The vulnerability allows unauthenticated attackers with network access to the management web interface to bypass authentication and invoke certain PHP scripts. While these scripts don't enable remote code execution, they can compromise the integrity and confidentiality of PAN-OS systems.
Organizations with management interfaces exposed to the internet or those who have enabled access to untrusted networks face the highest risk of exploitation. Palo Alto Networks emphasizes that securing external-facing management interfaces is a fundamental security best practice and strongly encourages all organizations to review their configurations to minimize risk.