PAN-OS Management Interface Under Threat: Cyberattackers Exploit Critical Vulnerability

A high-risk vulnerability in Palo Alto Networks’ PAN-OS firewalls has been exploited by cybercriminals to bypass authentication and potentially compromise system integrity and privacy.

Feb 27, 2025 - 13:52
Mar 1, 2025 - 01:08

Attackers are exploiting CVE-2025-0108, a critical and recently patched security flaw in Palo Alto Networks’ PAN-OS firewall software. The vulnerability affects the PAN-OS management web interface and allows unauthorized users within a network to bypass authentication. By executing specific PHP scripts, attackers can compromise the system's integrity and data privacy.

On February 12, Palo Alto Networks issued a security bulletin urging system administrators to upgrade to the following versions immediately:

  • 11.2.4-h4 or later
  • 11.1.6-h1 or later
  • 10.2.13-h3 or later
  • 10.1.14-h9 or later

PAN-OS 11.0 is also affected by the vulnerability, but because it has reached end of life, it will receive no security updates. Users of this version are strongly advised to upgrade to a supported release.
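The version guidance above can be turned into an inventory check. The following is an added example, not code from Palo Alto Networks or from the original article: it compares version strings against the four fixed builds listed above and flags the 11.0 train as end of life. The hostnames and sample inventory are constructed, and any release train the article does not mention is reported as "unknown" rather than guessed at.

```python
import re

# Minimum fixed build per release train, taken from the article's list.
FIXED = {
    (11, 2): (4, 4),    # 11.2.4-h4
    (11, 1): (6, 1),    # 11.1.6-h1
    (10, 2): (13, 3),   # 10.2.13-h3
    (10, 1): (14, 9),   # 10.1.14-h9
}
# Train the article names as affected but end of life (no fix will ship).
EOL_TRAINS = {(11, 0)}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split 'major.minor.maint[-hN]' into ((major, minor), (maint, hotfix))."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint = (int(g) for g in m.group(1, 2, 3))
    return (major, minor), (maint, int(m.group(4) or 0))  # no -hN means hotfix 0


def classify(text):
    """Return 'patched', 'upgrade', 'eol' or 'unknown' for one version string."""
    try:
        train, build = parse_version(text)
    except ValueError:
        return "unknown"
    if train in EOL_TRAINS:
        return "eol"
    if train not in FIXED:
        return "unknown"    # train not covered by the article's list
    return "patched" if build >= FIXED[train] else "upgrade"


def triage(inventory):
    """Map {hostname: version} to {status: sorted hostnames}."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are hypothetical.
    sample = {"fw-edge-1": "11.2.4-h4", "fw-edge-2": "11.1.6", "fw-lab": "11.0.6",
              "fw-dc": "10.2.13-h2", "fw-branch": "10.1.15"}
    print(triage(sample))
```

Devices reported as "eol" need a move to a supported release rather than a hotfix, and "unknown" entries should be checked against the vendor bulletin directly.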

Security Researchers’ Warning
The vulnerability, CVE-2025-0108, was discovered by cybersecurity firm Assetnote and reported to Palo Alto Networks. In a technical report published after the patch release, the researchers demonstrated that attackers could exploit this flaw to extract sensitive system data, view firewall configurations, or alter specific settings.

The bypass works by exploiting a confusion between the Nginx and Apache servers within PAN-OS, which lets attackers skip authentication and gain system access.

Surge in Attack Attempts
Cyber threat monitoring platform GreyNoise has recorded an increasing number of attack attempts targeting unpatched PAN-OS systems. As of February 13, 17:00 UTC, it had observed exploitation attempts originating from multiple IP addresses and threat actors.

Additionally, Yutaka Sejiyama, a security researcher at Macnica, revealed that over 4,400 PAN-OS devices worldwide still have their management interfaces exposed to the internet.

Defense Recommendations
Experts predict a rise in attack attempts due to the public disclosure of this vulnerability. To mitigate the risk, the following measures are recommended:

  • Immediate application of security patches
  • Restricting access to the firewall management interface
  • Implementing additional security controls to prevent unauthorized network access

If exploited, this vulnerability could place systems in significant jeopardy, underscoring the need for prompt action from authorities and system administrators.
