Advisory February 18, 2025

Palo Alto Networks PAN-OS software Critical Vulnerability

The Obrela Threat Intelligence Team

A vulnerability (CVE-2025-0108) has been identified in Palo Alto Networks PAN-OS software. It allows an unauthenticated threat actor with network access to the management web interface to bypass authentication. The vulnerability carries a CVSS v4.0 base score of 8.8 out of 10, which is rated High on the CVSS v4.0 qualitative scale (Critical is reserved for 9.0 and above); the exposure of the management interface and the availability of a public proof of concept are what make it urgent.

Description:

The vulnerability is an authentication bypass in the management web interface of PAN-OS, the operating system that runs Palo Alto Networks next-generation firewalls. An attacker with network access to that interface can bypass authentication and invoke specific PHP scripts. These scripts do not provide remote code execution, but invoking them can compromise the integrity and confidentiality of the system.

To reduce the risk, restrict access to the management web interface to trusted internal IP addresses only, in line with Palo Alto Networks deployment best practices. This limits exposure but does not remove the flaw, so it complements patching rather than replacing it. Cloud NGFW and Prisma Access are not affected by this issue.

A publicly released proof-of-concept exploit further raises the urgency of patching, as it makes in-the-wild exploitation easier for threat actors.

Customers are strongly advised to follow the Palo Alto Networks best-practice deployment guidelines for securing management access, available here: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431

Affected Versions:

Version        Affected releases    Fixed in
PAN-OS 11.2    < 11.2.4-h4          11.2.4-h4 and later
PAN-OS 11.1    < 11.1.6-h1          11.1.6-h1 and later
PAN-OS 10.2    < 10.2.13-h3         10.2.13-h3 and later
PAN-OS 10.1    < 10.1.14-h9         10.1.14-h9 and later
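
Checking a fleet against the table above by hand is error-prone because PAN-OS release strings carry a hotfix suffix (10.2.13-h2 is older than 10.2.13-h3, and 10.2.14 is newer than both). The following script is an added example, not Obrela's or Palo Alto Networks' code; it encodes only the fixed releases listed in the table, compares (major, minor, maintenance, hotfix) tuples, and reports branches the advisory does not list (such as 11.0) as unknown rather than guessing. The sample inventory at the bottom is constructed.

```python
import re

# Fixed releases taken from the advisory's table: any earlier release on the
# same maintenance branch is affected. Branches not listed here (for example
# 11.0) are not covered by the advisory text and are reported as "unknown".
FIXED_RELEASES = {
    (11, 2): "11.2.4-h4",
    (11, 1): "11.1.6-h1",
    (10, 2): "10.2.13-h3",
    (10, 1): "10.1.14-h9",
}

# PAN-OS release strings look like "10.2.13" or "10.2.13-h3"; the "-hN"
# suffix is a hotfix on top of the maintenance release.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> tuple:
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_affected(version: str):
    """True if the release predates the fix on its branch, False if it is the
    fixed release or later, None if the branch is not listed in the advisory."""
    parsed = parse_version(version)
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage_inventory(inventory: dict) -> dict:
    """Group firewall hostnames by status for a {hostname: version} inventory."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        result[key].append(f"{host} ({version})")
    return result


if __name__ == "__main__":
    # Constructed sample inventory; these are not real devices.
    sample = {
        "fw-dc1": "10.2.13-h2",
        "fw-dc2": "10.2.13-h3",
        "fw-branch": "11.1.5",
        "fw-lab": "11.0.3",
    }
    for status, hosts in triage_inventory(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed it the version strings from your device inventory or from "show system info" output; anything reported as unknown should be checked against the vendor advisory directly rather than assumed safe.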

Recommendations:

  • Promptly upgrade PAN-OS to the fixed release for your branch (see the table above) or later.
  • Examine management web interface logs for requests from sources outside your trusted internal address range, to confirm that no unauthorized access has already taken place.
  • Where possible, enable automatic updates so that future fixes are applied promptly.
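
Since the advisory's guidance is that only trusted internal addresses should ever reach the management web interface, the simplest log review is to flag every request that did not come from those addresses, and to prioritise those where an untrusted source received a successful response from a PHP endpoint (the kind of request the description above covers). The script below is an added example, not Obrela's or Palo Alto Networks' code. It assumes an Apache/Nginx-style combined access-log layout (adapt the regex to your actual export), an allowlist of trusted networks you must replace with your own, and constructed sample log lines whose paths are placeholders rather than claims about which PAN-OS scripts exist.

```python
import ipaddress
import re
from collections import Counter

# Assumed allowlist of sources that may reach the management interface.
# Replace with the networks actually permitted in your deployment.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.100.0/24"),
]

# Assumed access-log layout (Apache/Nginx "combined" style); adapt the regex
# to the actual log export you are reviewing.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines for the demonstration; the paths are placeholders,
# not a statement about which scripts the management interface exposes.
SAMPLE_LOG = """\
192.168.100.7 - - [18/Feb/2025:09:12:01 +0000] "GET /php/login.php HTTP/1.1" 200 5123
203.0.113.45 - - [18/Feb/2025:09:14:22 +0000] "GET /php/login.php HTTP/1.1" 200 5123
203.0.113.45 - - [18/Feb/2025:09:14:23 +0000] "GET /php/example_script.php?x=1 HTTP/1.1" 200 812
198.51.100.9 - - [18/Feb/2025:09:20:05 +0000] "GET /favicon.ico HTTP/1.1" 404 0
corrupted line that does not match the expected layout
"""


def is_trusted(src: str) -> bool:
    """True if the source address falls inside an allowlisted network.
    Anything that is not a parseable IP address is treated as untrusted."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage_log(text: str) -> dict:
    """Flag every management-interface request from an untrusted source.

    Severity is "high" when an untrusted source got a 2xx response from a PHP
    endpoint, "medium" for any other untrusted request. Lines that do not
    match the expected layout are counted rather than silently dropped, so a
    format mismatch is visible in the report.
    """
    findings = []
    unparsed = 0
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        if is_trusted(m["src"]):
            continue
        path = m["target"].split("?", 1)[0]
        status = int(m["status"])
        php_hit = path.lower().endswith(".php") and 200 <= status < 300
        findings.append({
            "src": m["src"],
            "ts": m["ts"],
            "path": path,
            "status": status,
            "severity": "high" if php_hit else "medium",
        })
    return {
        "findings": findings,
        "by_source": dict(Counter(f["src"] for f in findings)),
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    report = triage_log(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"[{f['severity']}] {f['ts']} {f['src']} {f['path']} -> {f['status']}")
    print("untrusted sources:", report["by_source"])
    print("unparsed lines:", report["unparsed_lines"])
```

A non-zero unparsed count means the regex does not match your export and the review is incomplete; fix the pattern before trusting an empty findings list. Any high-severity hit is a reason to treat the device as potentially compromised and to investigate beyond the web logs, since the advisory notes that the reachable scripts can affect system integrity and confidentiality.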


References: