Palo Alto Networks recently fixed a critical vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls that could lead to an authentication bypass. Although a proof-of-concept exploit for this flaw has been publicly disclosed, Palo Alto Networks says it has not detected any instances of malicious exploitation.
Assetnote researchers discovered CVE-2025-0108 while examining the patches for two previously exploited vulnerabilities, CVE-2024-0012 and CVE-2024-9474, which had resulted in the compromise of thousands of PAN firewalls in November 2024. They found exploitable differences in how Nginx, Apache, and the PHP application handle web requests to the management interface.
According to Adam Kues, a researcher at Assetnote, exploiting this vulnerability may allow attackers to invoke certain PHP scripts. This does not enable remote code execution, but it can still harm the integrity and confidentiality of PAN-OS. Palo Alto Networks confirmed that CVE-2025-0108 is fixed in PAN-OS versions 11.2.4-h4 and later.
The latest updates also fix CVE-2025-0111, an authenticated file read vulnerability, and CVE-2025-0109, an unauthenticated file deletion vulnerability, both in the management web interface of the firewalls. Administrators are strongly advised to test and deploy these updates promptly. To reduce the risk of exploitation, they should also restrict access to the management interface from untrusted networks and allow access only from trusted internal IP addresses.
In a related matter, Palo Alto Networks addressed a bug in version 11.1.4-h7/h9 of PAN-OS that caused some firewalls to reboot unexpectedly under specific traffic conditions. Hotfix 11.1.4-h12 was released to resolve this issue, with an additional regression fix planned for hotfix 11.1.4-h13 by February 20 or sooner.
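The build numbers in the two paragraphs above (the CVE-2025-0108 fix and the reboot bug) can be checked against a firewall inventory. The following is an added example, not code from Palo Alto Networks or Assetnote; the hostnames and inventory are constructed, and because the article gives a fixed build only for the 11.2 branch, other branches are reported as needing a look at the vendor advisory.

```python
import re

# Build numbers below are the ones stated in the article.
AUTH_BYPASS_FIXED = (11, 2, 4, 4)                  # 11.2.4-h4
REBOOT_AFFECTED = {(11, 1, 4, 7), (11, 1, 4, 9)}   # 11.1.4-h7 / h9

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """'11.2.4-h4' -> (11, 2, 4, 4); a build with no hotfix gets hotfix 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(version_text):
    """Return the list of findings for one PAN-OS version string."""
    v = parse_version(version_text)
    findings = []
    if v[:2] == (11, 2):
        # Tuple comparison orders 11.2.4 < 11.2.4-h3 < 11.2.4-h4 < 11.2.5.
        if v < AUTH_BYPASS_FIXED:
            findings.append("CVE-2025-0108: upgrade to 11.2.4-h4 or later")
    else:
        findings.append("CVE-2025-0108: fixed build for this branch is not "
                        "in the article; check the vendor advisory")
    if v in REBOOT_AFFECTED:
        findings.append("reboot bug: move to hotfix 11.1.4-h12")
    return findings


def triage_inventory(inventory):
    """Map hostname -> findings, keeping only hosts that need attention."""
    report = {host: triage(ver) for host, ver in inventory.items()}
    return {host: f for host, f in report.items() if f}


# Constructed inventory with hypothetical hostnames.
SAMPLE_INVENTORY = {
    "fw-edge-01": "11.2.4-h3",
    "fw-edge-02": "11.2.4-h4",
    "fw-core-01": "11.2.5",
    "fw-lab-01": "11.1.4-h7",
}

if __name__ == "__main__":
    for host, findings in triage_inventory(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(f"{host}: {finding}")
```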
Palo Alto Networks also rolled out security updates for other vulnerabilities on the same day. None of the vulnerabilities fixed in these updates have been observed being exploited in the wild, but keeping systems up to date with the latest patches remains important for defending against potential threats.

