Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Summary: Palo Alto Networks has addressed a critical vulnerability in its PAN-OS software, tracked as CVE-2025-0108, which could lead to authentication bypass and potentially compromise system integrity. The flaw affects multiple versions of PAN-OS and is rated high severity, with a CVSS score of 7.8. The recent updates also mitigate additional vulnerabilities, underscoring the importance of securing the management interface.

Affected: Palo Alto Networks PAN-OS

Key points:

  • Critical vulnerability CVE-2025-0108 allows an unauthenticated attacker with network access to bypass authentication on the management web interface.
  • The vulnerability can affect integrity and confidentiality but does not enable remote code execution.
  • Other fixed vulnerabilities include CVE-2025-0109, a file deletion flaw, and CVE-2025-0110, a command injection flaw.
  • It is recommended to restrict access to the management interface from untrusted networks to mitigate risks.

Source: https://thehackernews.com/2025/02/palo-alto-networks-patches.html