PAN-OS: authentication bypass (CVE-2025-0108) #shorts

Summary

In today's episode, we delve into a critical security vulnerability, CVE-2025-0108, affecting the management web interface of certain Palo Alto Networks products. This vulnerability, identified as an authentication bypass, has the potential to impact the integrity and confidentiality of the affected systems. We'll explore the products at risk, the nature of this vulnerability, and share insights on how you can protect your systems.

Product details

CVE-2025-0108 affects Palo Alto Networks' PAN-OS software specifically. Products like Palo Alto Cloud NGFW and Prisma Access are unaffected by this vulnerability. However, certain versions of PAN-OS, including but not limited to versions 10.1.0, 10.2.0, 11.1.0, and 11.2.0, are impacted unless they are updated to the patched versions: 10.1.14-h9, 10.2.13-h3, 11.1.6-h1, and 11.2.4-h4, respectively.

Vulnerability type summary

The vulnerability falls under CWE-306 - Missing Authentication for Critical Function. It allows unauthenticated attackers with network access to bypass the authentication required by the PAN-OS management web interface, thereby compromising the system's integrity and confidentiality.

Details of the vulnerability

CVE-2025-0108 allows attackers to invoke certain PHP scripts in the management web interface without proper authentication. This could lead to unauthorized access and manipulation of system configurations. Although this vulnerability doesn't permit remote code execution, it poses a significant threat to the integrity and confidentiality of the affected systems. It's crucial for users to restrict access to the management interface to trusted internal IP addresses as a mitigation measure.

Conclusion

The discovery of CVE-2025-0108 underscores the critical importance of ensuring that security patches and updates are promptly applied. Organizations using vulnerable versions of PAN-OS should upgrade to the latest versions immediately. Additionally, they should adhere to Palo Alto Networks' best practices for securing management access to reduce risk. Stay vigilant and ensure that your systems remain secure in the ever-evolving threat landscape.

Watch the full video on YouTube: CVE-2025-0108

CVE database technical details

CVE ID
CVE-2025-0108
Description
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
Provider
palo_alto
CWE / problem types
CWE-306 Missing Authentication for Critical Function
Affected Software Versions
Palo Alto Networks Cloud NGFW: unaffected (all versions)
Palo Alto Networks PAN-OS 10.1: affected from 10.1.0, below 10.1.14-h9; unaffected at 10.1.14-h9
Palo Alto Networks PAN-OS 10.2: affected from 10.2.0, below 10.2.7-h24; unaffected at 10.2.7-h24, 10.2.8-h21, 10.2.9-h21, 10.2.12-h6, 10.2.13-h3, 10.2.10-h14, 10.2.11-h12
Palo Alto Networks PAN-OS 11.1: affected from 11.1.0, below 11.1.6-h1; unaffected at 11.1.6-h1, 11.1.2-h18
Palo Alto Networks PAN-OS 11.2: affected from 11.2.0, below 11.2.4-h4; unaffected at 11.2.4-h4
Palo Alto Networks Prisma Access: unaffected (all versions)
Date Published
2025-02-12T20:55:34.610Z
Last Updated
2025-04-03T15:30:48.771Z
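
The fixed builds in the record above can be turned into an inventory check. The following is an added example, not code from Palo Alto Networks or from this page's author; the function names and the sample inventory are constructed. It assumes a hotfix build covers only its own maintenance release, and it conservatively reports every other build below the newest listed fix as affected.

```python
import re

# Fixed builds copied from the "Affected Software Versions" record on this page.
FIXED = {
    "10.1": ["10.1.14-h9"],
    "10.2": ["10.2.7-h24", "10.2.8-h21", "10.2.9-h21", "10.2.10-h14",
             "10.2.11-h12", "10.2.12-h6", "10.2.13-h3"],
    "11.1": ["11.1.2-h18", "11.1.6-h1"],
    "11.2": ["11.2.4-h4"],
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Return (major, minor, maintenance, hotfix); no '-hN' suffix means hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def status(version):
    """Classify a PAN-OS version as 'fixed', 'affected' or 'not-listed'."""
    v = parse(version)
    fixes = [parse(f) for f in FIXED.get(f"{v[0]}.{v[1]}", [])]
    if not fixes:
        return "not-listed"      # feature release absent from the record
    if v >= max(fixes):
        return "fixed"           # at or past the newest fixed build
    # Assumption: a hotfix only covers its own maintenance release, so
    # 10.2.9-h21 says nothing about a 10.2.10 build without a hotfix.
    same_line = [f for f in fixes if f[:3] == v[:3]]
    if same_line and v >= max(same_line):
        return "fixed"
    return "affected"

def audit(inventory):
    """Given {hostname: version}, return the hosts that still need an upgrade."""
    return sorted(h for h, ver in inventory.items() if status(ver) == "affected")

if __name__ == "__main__":
    # Constructed inventory; hostnames are placeholders.
    sample = {"fw-a": "10.2.9-h21", "fw-b": "10.2.9-h20", "fw-c": "11.1.6",
              "fw-d": "11.2.4-h4", "fw-e": "10.1.14-h8"}
    for host, ver in sample.items():
        print(host, ver, status(ver))
    print("upgrade:", audit(sample))
```

A "not-listed" result means the feature release does not appear in this record, not that the build is safe; check such builds against the vendor advisory.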