
Palo Alto Networks Patches Potentially Serious Firewall Vulnerability

  • February 13, 2025

Jasper_The_Rasper
Moderator

Palo Alto Networks has published 10 new security advisories, including one for a high-severity firewall authentication bypass vulnerability.


February 13, 2025 By Eduard Kovacs


Palo Alto Networks on Wednesday published 10 new security advisories to inform customers about the impact of new and previously known vulnerabilities on its products.

The most important advisory seems to be for a flaw tracked as CVE-2025-0108, which the vendor described as a PAN-OS issue that allows an unauthenticated attacker with network access to the targeted firewall’s management interface to bypass authentication and invoke certain PHP scripts.

“While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS,” Palo Alto Networks explained.


>>Full Article<<


TripleHelix
Moderator
  • February 19, 2025


Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls.

Coordinated attacks, which chain authentication bypass and privilege escalation flaws, enable unauthorized access to unpatched devices, posing severe risks to enterprise network integrity.

The primary vulnerability under active exploitation, CVE-2025-0108, is an authentication bypass flaw in PAN-OS’s management web interface.

Discovered by Assetnote researchers and disclosed on February 12, 2025, it allows unauthenticated attackers to execute specific PHP scripts, compromising system confidentiality and integrity.

While this vulnerability alone does not permit remote code execution, its exploitation surged within 24 hours of disclosure, with GreyNoise tracking 25 malicious IPs by February 18.

Hackers Chaining Multiple Palo Alto Vulnerabilities

Palo Alto Networks confirmed attackers are chaining CVE-2025-0108 with two additional vulnerabilities:

  • CVE-2024-9474: A privilege escalation flaw (CVSS 6.9) enabling authenticated administrators to execute root-level commands. Actively exploited since November 2024, it has been linked to cryptojacking, webshell deployments, and sensitive data exfiltration.
  • CVE-2025-0111: A medium-severity file read vulnerability (CVSS 4.9) allowing authenticated users to access files readable by the “nobody” account.

By combining these vulnerabilities, attackers bypass authentication, escalate privileges, and extract critical system files, achieving full root access to firewalls.

This exploitation trend mirrors previous campaigns targeting Palo Alto devices. In November 2024, attackers chained CVE-2024-0012 (authentication bypass) with CVE-2024-9474 to deploy cryptominers and command-and-control implants.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted over 2,000 compromised instances globally during that campaign.

Arctic Wolf observed attackers exfiltrating firewall configurations containing credentials for lateral movement, while Darktrace identified post-exploitation activities like reconnaissance and cryptomining.


Full Article