The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the company's firewall devices.

Assetnote's Shubham Shah emphasized that the real danger of CVE-2025-0108 lies in its role as an initial access vector: "Attackers combine it with secondary exploits to achieve command execution." The tactic mirrors previous campaigns exploiting CVE-2024-0012 and CVE-2024-9474, which also targeted PAN-OS authentication mechanisms.

CVE-2025-0108 (CVSSv3.1 score 7.8) enables unauthenticated attackers with network access to the PAN-OS management web interface to bypass authentication controls and execute specific PHP scripts. Palo Alto Networks confirmed that exploiting CVE-2025-0108 in combination with CVE-2024-9474, a privilege escalation vulnerability patched in November 2024, enables full device compromise.

As Palo Alto Networks works to contain the threat, administrators must enforce strict access controls and assume unpatched devices are already compromised. With over 25 malicious IPs targeting unpatched systems globally, federal authorities and cybersecurity experts warn that attackers could chain this flaw with other vulnerabilities to compromise critical network infrastructure.

Palo Alto Networks updated its advisory on February 19 to confirm "increasing numbers of attacks" targeting unpatched firewalls, particularly those with internet-facing management interfaces. "We urge all customers to immediately apply updates and restrict management interface access," stated Steven Thai, a Palo Alto spokesperson. Federal agencies and enterprises reliant on Palo Alto firewalls must prioritize patch deployment, as unsecured devices face imminent compromise.
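The advisory's core mitigation is to keep the PAN-OS management web interface off the internet and limit it to trusted administrator networks. The following is an added example, not code from CISA, Palo Alto Networks or the article, of an offline inventory check that flags firewalls whose management interface is reachable from untrusted sources. The inventory record layout, the trusted management ranges and the sample devices are constructed assumptions, not a PAN-OS data format.

```python
"""Added example: flag firewalls whose management interface is reachable
from untrusted networks. Inventory schema and sample data are constructed."""
import ipaddress
from dataclasses import dataclass, field

# Hypothetical inventory record; field names are assumptions, not PAN-OS config keys.
@dataclass
class Firewall:
    name: str
    mgmt_ip: str                       # address the management web interface listens on
    permitted_sources: list = field(default_factory=list)  # allowlist CIDRs; empty means any source

# Constructed: networks from which administrators are allowed to reach management interfaces.
TRUSTED_MGMT_NETS = [
    ipaddress.ip_network("10.50.0.0/16"),
    ipaddress.ip_network("192.168.100.0/24"),
]

# Simplification: anything outside RFC 1918, loopback and link-local is treated as
# routable from the internet (Python's is_global treats documentation ranges as private).
NON_ROUTABLE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]

def is_internet_facing(ip: str) -> bool:
    """True if the management address is not in a non-routable range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE_NETS)

def allowlist_is_restrictive(cidrs: list) -> bool:
    """True only if every permitted source lies inside a trusted management range."""
    if not cidrs:
        return False
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_MGMT_NETS):
            return False
    return True

def assess(fw: Firewall) -> str:
    """Classify a device's management-plane exposure."""
    if allowlist_is_restrictive(fw.permitted_sources):
        return "restricted"
    if is_internet_facing(fw.mgmt_ip):
        return "exposed-internet"
    return "unrestricted-internal"

def find_exposed(inventory: list) -> list:
    """Names of devices whose management interface is open to the internet."""
    return [fw.name for fw in inventory if assess(fw) == "exposed-internet"]

# Constructed sample inventory (documentation-range addresses, no real hosts).
SAMPLE_INVENTORY = [
    Firewall("dc1-edge-fw", "203.0.113.10"),                       # public, no allowlist
    Firewall("dc1-core-fw", "10.50.1.5"),                          # internal, no allowlist
    Firewall("branch-fw", "198.51.100.7", ["10.50.0.0/16"]),       # public, but allowlisted
    Firewall("lab-fw", "192.0.2.20", ["0.0.0.0/0"]),               # allowlist that permits everything
]

if __name__ == "__main__":
    for fw in SAMPLE_INVENTORY:
        print(f"{fw.name:14s} {fw.mgmt_ip:16s} {assess(fw)}")
    print("Exposed:", find_exposed(SAMPLE_INVENTORY))
```

Devices reported as `exposed-internet` are the ones the advisory describes as facing imminent compromise; `unrestricted-internal` devices still lack a source allowlist and should be tightened, and even `restricted` devices need the PAN-OS update applied.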
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Feb 2025 03:15:19 +0000