CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild


Feb 19, 2025 - 08:58

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the company’s firewall devices.

With over 25 malicious IPs targeting unpatched systems globally, federal authorities and cybersecurity experts warn that attackers could chain this flaw with other vulnerabilities to compromise critical network infrastructure.

CVE-2025-0108 (CVSSv3.1 score 7.8) enables unauthenticated attackers with network access to the PAN-OS management web interface to bypass authentication controls and execute specific PHP scripts.

While not directly permitting remote code execution, this flaw jeopardizes system integrity and confidentiality by allowing unauthorized access to sensitive functions.

Palo Alto Networks confirmed that exploiting CVE-2025-0108 in combination with CVE-2024-9474, a privilege escalation vulnerability patched in November 2024, enables full device compromise.

Affected versions include PAN-OS 10.1 (before 10.1.14-h9), 10.2 (before 10.2.13-h3), 11.1 (before 11.1.6-h1), and 11.2 (before 11.2.4-h4). Cloud NGFW and Prisma Access deployments remain unaffected.

Exploitation Trends and Attribution

GreyNoise observed exploitation attempts surging from 2 malicious IPs on February 13 to 25 by February 18, with traffic originating primarily from the United States, Germany, and the Netherlands.

Attackers leverage publicly available proof-of-concept (PoC) exploits, many derived from technical details disclosed by Assetnote researchers who first identified the flaw while investigating earlier PAN-OS vulnerabilities.

Palo Alto Networks updated its advisory on February 19 to confirm “increasing numbers of attacks” targeting unpatched firewalls, particularly those with internet-facing management interfaces.

“We urge all customers to immediately apply updates and restrict management interface access,” stated Steven Thai, a Palo Alto spokesperson.

CISA and Palo Alto Networks recommend the following actions:

  1. Apply Patches Immediately: Upgrade PAN-OS to versions 10.1.14-h9, 10.2.13-h3, 11.1.6-h1, or 11.2.4-h4, which resolve CVE-2025-0108.
  2. Restrict Management Interface Access: Limit connectivity to trusted internal IP addresses, avoiding public internet exposure.
  3. Disable Unused Services: Deactivate the OpenConfig plugin if not required, as it could introduce additional attack vectors.
  4. Monitor for Exploitation: Utilize threat intelligence platforms like GreyNoise to track malicious IPs associated with CVE-2025-0108.
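The first step above depends on knowing which of your firewalls still run an affected release, and PAN-OS version strings carry a hotfix suffix ("-h9") that a plain string comparison gets wrong. The following script is an added example, not code from the article, CISA or Palo Alto Networks: it parses PAN-OS version strings, compares them against the fixed versions listed in the advisory, and triages a constructed inventory (the hostnames and versions are made up). Feature releases not in the advisory's affected list are reported as "not-listed" rather than "fixed".

```python
"""Check PAN-OS version strings against the fixed releases for CVE-2025-0108.

Version strings look like "10.2.13-h3": MAJOR.MINOR.MAINT with an optional
"-hN" hotfix suffix. A release without a hotfix sorts before any hotfix of
the same base, and a later maintenance release sorts after every hotfix of
an earlier one, so versions are compared as integer tuples.
"""
import re
from typing import Dict, Iterable, Tuple

# Fixed versions as listed in the advisory: a device on one of these
# feature releases is affected when it runs anything earlier than the fix.
FIXED_VERSIONS = {
    "10.1": "10.1.14-h9",
    "10.2": "10.2.13-h3",
    "11.1": "11.1.6-h1",
    "11.2": "11.2.4-h4",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn "11.1.6-h1" into a comparable tuple (11, 1, 6, 1); no hotfix -> 0."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str) -> str:
    """Return 'affected', 'fixed' or 'not-listed' for one PAN-OS version.

    'not-listed' means the feature release (for example 10.0 or 11.0) does not
    appear in the advisory's affected list; it is not a claim that it is safe.
    """
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VERSIONS.get(train)
    if fixed is None:
        return "not-listed"
    return "affected" if parsed < parse_version(fixed) else "fixed"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (hostname, version) pair to its patch status."""
    return {host: assess(ver) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = [
        ("fw-edge-01", "10.2.12"),      # earlier maintenance release: affected
        ("fw-edge-02", "10.2.13-h3"),   # exactly the fixed version
        ("fw-dc-01", "11.1.6"),         # base release without the hotfix: affected
        ("fw-dc-02", "11.2.5"),         # later than the fixed 11.2.4-h4
        ("fw-lab-01", "11.0.3"),        # feature release not in the advisory
    ]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Because the hotfix number is compared as an integer, "10.1.14-h10" correctly sorts after "10.1.14-h9"; a lexical comparison would get that backwards. Feed the script your real inventory (for example a CSV export) and treat every "affected" and "not-listed" entry as a device to review.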

Assetnote’s Shubham Shah emphasized that CVE-2025-0108’s real danger lies in its role as an initial access vector: “Attackers combine it with secondary exploits to achieve command execution.” The tactic mirrors previous campaigns exploiting CVE-2024-0012 and CVE-2024-9474, which also targeted PAN-OS authentication mechanisms.

Federal agencies and enterprises reliant on Palo Alto firewalls must prioritize patch deployment, as unsecured devices face imminent compromise. CISA’s alert aligns with its “Secure by Design” initiative, urging vendors and customers to eliminate default exposures in critical infrastructure.

With active exploitation escalating, organizations cannot afford delays in mitigating CVE-2025-0108. As Palo Alto Networks works to contain the threat, administrators must enforce strict access controls and assume unpatched devices are already compromised.


The post CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.