Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting its PAN-OS software. The flaw allows unauthenticated attackers to bypass the authentication required by the PAN-OS management web interface and invoke certain PHP scripts. Palo Alto Networks rates the flaw as CVSS 7.8–8.8, depending on network exposure.

The vulnerability, which has a CVSS score of 7.8, was discovered by Assetnote researchers while analyzing patches for previously exploited vulnerabilities CVE-2024-0012 and CVE-2024-9474. It originates from a path confusion issue between PAN-OS’s Nginx reverse proxy and Apache web server components. Attackers craft malicious HTTP requests with multi-layered URL encoding, causing Nginx to incorrectly flag the request as non-sensitive (via the X-pan-AuthCheck: off header) while Apache processes it as a legitimate, authenticated request. Assetnote’s Adam Kues emphasized that the flaw’s root cause, inconsistent request handling between Nginx and Apache, highlights risks in multi-layer authentication architectures.

GreyNoise has observed widespread exploitation attempts in the wild, with attackers leveraging available proof-of-concept (PoC) exploits. Palo Alto Networks has not confirmed malicious exploitation but urges customers to prioritize updates. With attackers already weaponizing the flaw, enterprises must act swiftly to patch and isolate management interfaces.

Network Hardening: Restrict management interface access to trusted IPs via firewall rules or VPNs.
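The multi-layered URL encoding described above can be hunted for in proxy access logs. The following is an added example, not code from the article, Palo Alto Networks or Assetnote: a generic heuristic that flags request paths whose meaning changes between a single decode and a full decode. The log lines, paths, finding names and the `MAX_ROUNDS` limit are constructed assumptions.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: no legitimate client nests encoding deeper than this
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IPs, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.4 - - [14/Feb/2025:02:00:01 +0000] "GET /php/login.php HTTP/1.1" 200 812',
    '198.51.100.4 - - [14/Feb/2025:02:00:02 +0000] "GET /docs/release%20notes.txt HTTP/1.1" 200 95',
    '203.0.113.9 - - [14/Feb/2025:02:00:03 +0000] "GET /css/%2e%2e/index.html HTTP/1.1" 404 0',
    '203.0.113.9 - - [14/Feb/2025:02:00:04 +0000] "GET /a/%252e%252e/b/page.php?x=1 HTTP/1.1" 200 512',
]

def decode_layers(path):
    """Percent-decode until stable; return (final_path, layers_removed)."""
    layers = 0
    while layers < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, layers = decoded, layers + 1
    return path, layers

def has_dot_segment(path):
    return any(seg in (".", "..") for seg in path.split("/"))

def inspect_request_target(target):
    """Return findings for one request target as logged by the front proxy."""
    raw_path = target.split("?", 1)[0]
    once = unquote(raw_path)                 # what a single-decode component sees
    final, layers = decode_layers(raw_path)  # what remains once every layer is removed
    findings = []
    if layers >= 2:
        findings.append("multi-layer-encoding")
    if has_dot_segment(final) and not has_dot_segment(once):
        findings.append("dot-segment-hidden-from-single-decode")
    elif has_dot_segment(final):
        findings.append("dot-segment")
    return findings

def scan(lines):
    """Return (target, findings) for each flagged request line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (found := inspect_request_target(m.group(1))):
            hits.append((m.group(1), found))
    return hits

if __name__ == "__main__":
    for target, found in scan(SAMPLE_LOG):
        print(target, found)
```

A hit is a lead for triage rather than proof of compromise; the regular expression assumes a common-log-style request field and needs adjusting to the log format actually collected.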
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Feb 2025 02:20:18 +0000