CyberSecurityBoard
Sponsor Register Login

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

The security issue received a high-severity score and impacts the PAN-OS management web interface and allows an unauthenticated attacker on the network to bypass authentication and invoke certain PHP scripts, potentially compromising integrity and confidentiality. Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. Regarding the exposure of vulnerable devices online, Macnica researcher Yutaka Sejiyama told BleepingComputer that there are currently over 4,400 PAN-OS devices exposing their management interface online. To defend against the ongoing exploitation activity, which, considering that the PoC is public, is very likely to culminate in the following days, it is recommended to apply the available patches and restrict access to firewall management interfaces. PAN-OS 11.0 is also impacted but the product reached the end of life (EoL) and Palo Alto Networks does not plan to release any fixes for it. Attackers with network access to the management interface can leverage this to gather intelligence for further attacks or to weaken security defenses by modifying accessible settings. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The researchers demonstrated how the flaw could be leveraged to extract sensitive system data, retrieve firewall configurations, or potentially manipulate certain settings within PAN-OS. Threat monitoring platform GreyNoise logged exploitation attempts targeting unpatched PAN-OS firewalls. The exploit leverages a path confusion between Nginx and Apache in PAN-OS that allows bypassing authentication. The attacks started on February 13, at 17:00 UTC, and appear to originate from several IP addresses, potentially indicating exploitation efforts from distinct threat actors.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 14 Feb 2025 21:20:21 +0000


Cyber News related to Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
10 months ago Darkreading.com
A Leader in 2024 Forrester Enterprise Firewall Solutions Wave - Palo Alto Networks has long recognized these challenges, which is why we’ve built a network security platform that not only protects but also fosters business growth and innovation in today’s complex environment. We believe the recognition of ...
5 months ago Paloaltonetworks.com
Palo Alto Networks and Deloitte Expand Strategic Alliance Globally - 1, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available ...
5 months ago Darkreading.com
Patch Now: Palo Alto Flaw Exploited in the Wild - Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability ...
1 month ago Darkreading.com CVE-2025-0108 CVE-2024-9474 CVE-2025-0111
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
11 months ago Bleepingcomputer.com CVE-2024-3400 CVE-2024-34000
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
1 year ago Paloaltonetworks.com
CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit - IBM's surprise departure from cybersecurity software this week didn't just rearrange the competitive landscape - it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs. IBM has agreed to sell the QRadar ...
10 months ago Darkreading.com
CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the ...
1 month ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-0012 CVE-2024-9474
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS - The security issue received a high-severity score and impacts the PAN-OS management web interface and allows an unauthenticated attacker on the network to bypass authentication and invoke certain PHP scripts, potentially compromising integrity ...
1 month ago Bleepingcomputer.com CVE-2025-0108
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
1 month ago Bleepingcomputer.com CVE-2025-0111 CVE-2025-0108 CVE-2024-9474
Unlocking the Economic Benefit of NGFWs - Cyberthreats are increasing in volume and complexity, making it difficult for network defenders to protect their organizations. Threat actors are evolving their tools and techniques, finding new ways to employ artificial intelligence to avoid ...
1 year ago Paloaltonetworks.com
Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms - Today, we are pleased to announce that Palo Alto Networks has been named a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms. Before we dive into the significance of this year's Magic Quadrant for EPP, I want to take a ...
1 year ago Paloaltonetworks.com
Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA - With NVIDIA accelerated computing and AI software, cybersecurity leaders like Palo Alto Networks can safeguard vast amounts of sensitive information with unprecedented speed and accuracy, ushering in a new era of AI-driven data protection. The ...
5 months ago Paloaltonetworks.com
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - Palo Alto Networks has disclosed a critical vulnerability (CVE-2025-010) in its PAN-OS software that could allow attackers to bypass authentication on the management web interface. While the vulnerability is rated as HIGH severity, Palo Alto Networks ...
1 month ago Cybersecuritynews.com CVE-2025-010
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics - On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. Palo Alto has marked this ...
11 months ago Securityboulevard.com CVE-2024-3400
CVE-2020-2021 - When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an ...
4 years ago
CVE-2022-0023 - An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the ...
2 years ago
Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
11 months ago Esecurityplanet.com CVE-2024-21894 CVE-2024-29990 CVE-2024-3383 CVE-2024-3400
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. By combining these vulnerabilities, ...
1 month ago Cybersecuritynews.com CVE-2025-0108
Investing in Cloud Infrastructure in the Kingdom of Saudi Arabia - Digital transformation is at the heart of the Kingdom of Saudi Arabia's ambitious Vision 2030 program as the nation looks to future-proof its economy and enhance people's lives. The Kingdom is looking to diversify its economy and develop public ...
9 months ago Paloaltonetworks.com
RedTail Malware Abuses Palo Alto Flaw in Latest Cryptomining Campaign - Hackers with possible ties to the notorious North Korea-linked Lazarus Group are exploiting a recent critical vulnerability in Palo Alto Network's PAN-OS software to run a sophisticated cryptomining operation that likely has nation-state backing. In ...
9 months ago Securityboulevard.com CVE-2024-3400 CVE-2023-46805 CVE-2024-21887 Andariel Lazarus Group
Palo Alto Networks Completes Acquisition of Talon - Palo Alto Networks announced today that it has completed the acquisition of Talon Cyber Security, an Israeli startup selling a secure browser technology to enterprise customers. Palo Alto first announced plans to buy Talon in November 2023 in a deal ...
1 year ago Securityweek.com
Providing Optimal Cloud Security Outcomes Through StateRAMP - Palo Alto Networks reaches a significant milestone as our commitment to comprehensive security achieves the largest number of StateRAMP marketplace approved cybersecurity offerings. In its commitment to be the state and local government's ...
1 year ago Paloaltonetworks.com
Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability - Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. The flaw allows unauthenticated attackers to bypass the authentication required by the ...
1 month ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-0012 CVE-2024-9474
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw ...
1 month ago Cybersecuritynews.com CVE-2025-0110 CVE-2025-0108

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)