Summary: Palo Alto Networks published 10 new security advisories addressing vulnerabilities in its products, with a focus on CVE-2025-0108, a high-severity flaw in PAN-OS that could allow an unauthenticated attacker to bypass authentication. Although this flaw is serious, it does not enable remote code execution, and the company has provided patches and mitigations. Assetnote researchers have flagged this vulnerability as critical, suggesting potential for remote code execution when combined with other vulnerabilities.
Affected: Palo Alto Networks products, specifically PAN-OS
Keypoints :
- CVE-2025-0108 allows unauthenticated attackers to bypass authentication on PAN-OS, impacting integrity and confidentiality.
- Palo Alto Networks rated CVE-2025-0108 high severity (CVSS score of 7.8) but with moderate urgency, as there’s no evidence of exploitation in the wild.
- Other advisories include issues in Cortex XDR and additional patches for medium-severity vulnerabilities, with no known exploitation so far.
Source: https://www.securityweek.com/palo-alto-networks-patches-potentially-serious-firewall-vulnerability/