Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure

Summary: A significant authentication bypass vulnerability in Palo Alto Networks firewalls, identified as CVE-2025-0108, was exploited just a day after disclosure, with attempts coming from multiple malicious IPs. Researchers expressed concern that the flaw could be chained with another vulnerability to achieve complete remote code execution. The situation is more urgent because some systems may not have been updated for several months, potentially leaving them vulnerable.

Affected: Palo Alto Networks Firewalls

Key points:

  • Exploitation attempts for CVE-2025-0108 began shortly after public disclosure on February 12.
  • Malicious exploitation was observed from five unique IP addresses, as reported by GreyNoise.
  • The vulnerability must be chained with another flaw to achieve remote code execution, with references made to CVE-2024-9474.
  • Palo Alto Networks’ advisory indicates the vulnerability is of high severity, but the urgency rating is considered moderate.
  • Assetnote published technical details immediately after the patch release, raising operational risks.

Source: https://www.securityweek.com/hackers-exploit-palo-alto-firewall-vulnerability-day-after-disclosure/