Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0108

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

Published

2025-02-12T21:15:16.290

Last Modified

2025-06-27T20:39:59.717

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-306
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	paloaltonetworks	pan-os	< 10.1.14	Yes
Operating System	paloaltonetworks	pan-os	< 10.2.7	Yes
Operating System	paloaltonetworks	pan-os	< 11.1.2	Yes
Operating System	paloaltonetworks	pan-os	< 11.2.4	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.1.14	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.7	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.8	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.9	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.10	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.11	Yes
Operating System	paloaltonetworks	pan-os	10.2.12	Yes
Operating System	paloaltonetworks	pan-os	10.2.12	Yes
Operating System	paloaltonetworks	pan-os	10.2.12	Yes
Operating System	paloaltonetworks	pan-os	10.2.12	Yes
Operating System	paloaltonetworks	pan-os	10.2.12	Yes
Operating System	paloaltonetworks	pan-os	10.2.12	Yes
Operating System	paloaltonetworks	pan-os	10.2.13	Yes
Operating System	paloaltonetworks	pan-os	10.2.13	Yes
Operating System	paloaltonetworks	pan-os	10.2.13	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.2	Yes
Operating System	paloaltonetworks	pan-os	11.1.3	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.4	Yes
Operating System	paloaltonetworks	pan-os	11.1.5	Yes
Operating System	paloaltonetworks	pan-os	11.1.6	Yes
Operating System	paloaltonetworks	pan-os	11.2.4	Yes
Operating System	paloaltonetworks	pan-os	11.2.4	Yes
Operating System	paloaltonetworks	pan-os	11.2.4	Yes
Operating System	paloaltonetworks	pan-os	11.2.4	Yes

References

https://security.paloaltonetworks.com/CVE-2025-0108 Exploit, Vendor Advisory ([email protected])
https://github.com/iSee857/CVE-2025-0108-PoC Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ Exploit, Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/ Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/ Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/ Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)