Summary: Palo Alto Networks has issued advisories for two high-severity vulnerabilities in PAN-OS. CVE-2025-0108 lets an unauthenticated attacker with network access to the management web interface bypass authentication and invoke certain PHP scripts; CVE-2025-0110, a command injection flaw in the PAN-OS OpenConfig plugin, lets an authenticated administrator run arbitrary commands on the firewall. Users are urged to update PAN-OS (and the OpenConfig plugin, where installed) and to restrict access to the management interface to trusted internal IP addresses.
Affected: Palo Alto Networks PAN-OS
Keypoints:
- CVE-2025-0108: Authentication bypass in the PAN-OS management web interface, CVSS score 7.8. Exploitation requires network access to the management interface, so exposure is much lower when that interface is reachable only from trusted hosts.
- CVE-2025-0110: Command injection in the PAN-OS OpenConfig plugin, CVSS score 7.3. Exploitation requires an authenticated administrator, so it is a post-authentication privilege escalation rather than a remote entry point.
- CVE-2025-0108 affects specific PAN-OS releases; CVE-2025-0110 affects specific versions of the OpenConfig plugin (check the vendor advisory for the exact affected and fixed versions).
- Palo Alto Networks recommends updating to a fixed release and restricting access to the management interface to trusted internal IP addresses only.
- If the OpenConfig plugin is not in use, it should be disabled or uninstalled.
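The three checks above (PAN-OS release, management-interface source restriction, OpenConfig plugin version) can be run against XML API output rather than by eye. The script below is an added example, not Palo Alto Networks code: it parses constructed sample responses modelled on the PAN-OS XML API (`show system info`, the `deviceconfig/system/permitted-ip` configuration node, and a plugin listing whose element layout is an assumption for this example) and returns a list of findings. The fixed-version tables are placeholders; replace them with the versions named in the advisory before use.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample API responses (not captured from a real firewall).
# The <plugins> layout is an assumption made for this example.
SYSTEM_INFO_XML = """<response status="success"><result><system>
  <hostname>fw-edge-01</hostname>
  <sw-version>11.1.4</sw-version>
</system></result></response>"""

PERMITTED_IP_XML = """<response status="success"><result>
  <permitted-ip>
    <entry name="10.0.0.0/24"><description>ops-jumpbox</description></entry>
  </permitted-ip>
</result></response>"""

PLUGINS_XML = """<response status="success"><result><plugins>
  <entry name="openconfig"><version>2.1.1</version></entry>
  <entry name="vm_series"><version>5.1.0</version></entry>
</plugins></result></response>"""

# Placeholder fixed-version tables, keyed by release train: take the real
# values from the vendor advisory, they are assumptions here.
FIXED_PANOS = {"10.1": "10.1.14-h9", "10.2": "10.2.13-h3",
               "11.1": "11.1.6-h1", "11.2": "11.2.4-h4"}
FIXED_OPENCONFIG = "2.1.2"

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """'10.2.13-h3' -> (10, 2, 13, 3); a release without a hotfix gets hotfix 0,
    so a base release sorts before any hotfix of the same release."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def needs_update(current, fixed_by_train):
    """True if current is older than the fix for its own release train,
    False if it is at or past the fix, None if the train is not in the table
    (fixes are per train, so 11.2.0 is not 'newer than' 11.1.6-h1)."""
    cur = parse_version(current)
    train = f"{cur[0]}.{cur[1]}"
    if train not in fixed_by_train:
        return None
    return cur < parse_version(fixed_by_train[train])


def sw_version(xml_text):
    return ET.fromstring(xml_text).findtext(".//sw-version").strip()


def permitted_ips(xml_text):
    """Source networks allowed to reach the management interface; an empty
    list means no restriction is configured."""
    root = ET.fromstring(xml_text)
    return [e.get("name") for e in root.iterfind(".//permitted-ip/entry")]


def openconfig_version(xml_text):
    """Installed OpenConfig plugin version, or None if the plugin is absent."""
    root = ET.fromstring(xml_text)
    for entry in root.iterfind(".//plugins/entry"):
        if entry.get("name") == "openconfig":
            v = entry.findtext("version")
            return v.strip() if v else None
    return None


def assess(system_xml, permitted_xml, plugins_xml,
           fixed_panos=FIXED_PANOS, fixed_openconfig=FIXED_OPENCONFIG):
    """Return human-readable findings for the three advisory mitigations."""
    findings = []
    ver = sw_version(system_xml)
    state = needs_update(ver, fixed_panos)
    if state is None:
        findings.append(f"PAN-OS {ver}: release train not in fix table, check the advisory")
    elif state:
        train = ".".join(ver.split(".")[:2])
        findings.append(f"PAN-OS {ver}: update to {fixed_panos[train]} or later (CVE-2025-0108)")

    ips = permitted_ips(permitted_xml)
    if not ips:
        findings.append("management interface: no permitted-ip entries, reachable from any source")
    elif any(ip.endswith("/0") for ip in ips):
        findings.append("management interface: permitted-ip contains a catch-all network")

    oc = openconfig_version(plugins_xml)
    if oc is not None and parse_version(oc) < parse_version(fixed_openconfig):
        findings.append(f"OpenConfig plugin {oc}: update to {fixed_openconfig} or later, "
                        f"or uninstall it if unused (CVE-2025-0110)")
    return findings


if __name__ == "__main__":
    for line in assess(SYSTEM_INFO_XML, PERMITTED_IP_XML, PLUGINS_XML):
        print(line)
```

In the constructed sample the firewall has a permitted-ip restriction but runs a PAN-OS release and an OpenConfig plugin version older than the placeholder fixes, so two findings come back. Comparison is done per release train on purpose: a higher train number says nothing about whether a given hotfix is present.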