CVE-2025-0108

9.1 CRITICAL CISA KEV - Actively Exploited
Published: February 12, 2025 Modified: November 04, 2025
View on NVD

Description

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://security.paloaltonetworks.com/CVE-2025-0108
Source: psirt@paloaltonetworks.com
Exploit Vendor Advisory
https://github.com/iSee857/CVE-2025-0108-PoC
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Press/Media Coverage
https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage Third Party Advisory
https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage Third Party Advisory
https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage Third Party Advisory
https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.1 / 10.0
EPSS (Exploit Probability)
94.0%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2025-03-11

Weaknesses (CWE)

CWE-306 CWE-306

Affected Vendors

paloaltonetworks

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3