Skip to main content
close search
site logo
Dive Brief

Palo Alto Networks warns firewall vulnerability is under active exploitation

The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.

Published Feb. 18, 2025
David Jones's headshot
Reporter
Palo Alto Networks
Cybersecurity professionals assemble for a presentation at Palo Alto Networks' booth on the show floor on April 27, 2023 at the RSA Conference in San Francisco. The company warned that hackers are targeting an authentication bypass vulnerability in PAN-OS. Matt Kapko/Cybersecurity Dive

Dive Brief:

  • Palo Alto Networks on Monday confirmed that a high severity vulnerability, listed as CVE-2025-0108, in its PAN-OS management web interface was being exploited by attackers in the wild.
  • The authentication bypass vulnerability, when chained with the CVE-2024-9474 privilege escalation vulnerability, could allow an attacker to gain access to unsecured and unpatched firewalls.
  • “We are urging all customers with internet-facing PAN-OS management interfaces to immediately apply the security updates released on Feb. 12, 2025,” Steven Thai, a spokesperson for Palo Alto Networks said via email.

Dive Insight:

Researchers from AssetNote discovered the zero-day authentication bypass in the PAN-OS management interface while investigating previously disclosed exploit activity linked to PAN -OS flaws CVE-2024-0012 and CVE-2024-9474

CVE-2024-0012, with a CVSS score of 9.3, allows unauthenticated attackers with network access to obtain PAN-OS administrator privileges and potentially tamper with device configuration. The vulnerability could allow attackers to exploit other authenticated privilege escalation bugs, such as CVE-2024-9474. 

“Attackers have to combine it with another exploit in order to achieve command execution,” said Shubham Shah, co-founder and CTO of AssetNote, told Cybersecurity Dive via email. 

AssetNote researchers discovered suspicious behavior while investigating those vulnerabilities, even in networks where the flaws had been patched.

Palo Alto Networks last week warned in an advisory that CVE-2025-0108 could allow an unauthenticated attacker with network access to the PAN-OS management web interface to bypass authentication and invoke certain PHP scripts. 

Researchers at GreyNoise identified 25 unique IPs with malicious intent, according to a spokesperson there. 

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Whalebone Secures €13.35M in Funding to Accelerate Global Growth and Innovation
From Whalebone
February 18, 2025
Invary’s Mission to Ensure the Confidentiality and Security of Systems at Runtime Accelerates …
From Invary
February 03, 2025
Whalebone Strengthens APAC Cybersecurity with New Major Telco Partners
From Whalebone
February 11, 2025
Cobalt Iron Compass® Named a DCIG TOP 5 Enterprise VMware Backup Solution for 2025-26
From Cobalt Iron
February 05, 2025
Editors' picks
Latest in Vulnerability
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.