External risk intelligence

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability.

CVE advisory · Known Exploit

CVE-2025-0108

The Palo Alto Networks PAN-OS management web interface has an authentication bypass vulnerability. This allows an unauthenticated attacker with network access to invoke specific PHP scripts, impacting system integrity and confidentiality. Business risk includes unauthorized access to sensitive data and potential system

Halo Surface Signal: 4

Missing Authentication

Palo Alto Networks PAN-OS

  • 10.1.0 to before 10.1.14
  • 10.2.0 to before 10.2.7
  • 11.1.0 to before 11.1.2
  • 11.2.0 to before 11.2.4
  • 10.1.14
  • 10.2.7
  • 10.2.8

External exposure likelihood

Halo Surface Signal score for CVE-2025-0108

The vulnerability affects the management web interface of network security appliances. While best practices dictate that these interfaces should be restricted to internal networks, they are frequently deployed as network-accessible management services that can be exposed to the internet if not properly configured or if the management plane is inappropriately accessible.

Horizon Alert

Summary of the vulnerability and why it matters

The management web interface of PAN-OS software is vulnerable. This flaw allows an unauthenticated attacker to bypass authentication and invoke specific PHP scripts. The impact can include a negative effect on the integrity and confidentiality of the PAN-OS system.

  • Vulnerable PAN-OS management interface
  • Authentication bypass weakness
  • Compromised system integrity and confidentiality

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker with network access can bypass the management web interface authentication of PAN-OS software. This allows the attacker to invoke specific PHP scripts. While this does not directly lead to code execution, it can impact the integrity and confidentiality of the PAN-OS system. Organizations can reduce this risk by restricting access to the management web interface to trusted internal IP addresses.

  • Network access to management interface.
  • Attacker bypasses authentication.
  • Invokes PHP scripts, impacting data.

Live Threat

Current exploitation, exposure, and threat context

The identified vulnerability in Palo Alto Networks PAN-OS software allows unauthenticated attackers with network access to the management web interface to bypass security controls. This bypass enables the invocation of specific PHP scripts, which can impact the integrity and confidentiality of the PAN-OS system. While direct remote code execution is not enabled, the potential for system manipulation presents a significant risk. Organizations are advised to restrict access to the management web interface to trusted internal IP addresses as a recommended best practice to mitigate this risk.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access to the management web interface
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An authentication bypass vulnerability in Palo Alto Networks' PAN-OS software allows an unauthenticated attacker with network access to the management web interface to invoke certain PHP scripts. This can negatively impact the integrity and confidentiality of PAN-OS. Affected PAN-OS versions include those prior to 10.1.14-h9, 10.2.13-h3, 11.1.6-h1, and 11.2.4-h4, among others.

  • Identify all affected PAN-OS assets.
  • Restrict management interface access.
  • Apply vendor patches and monitor systems.
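The first priority action, identifying affected PAN-OS assets, comes down to comparing each device's version string against the fixed releases named above (10.1.14-h9, 10.2.13-h3, 11.1.6-h1, 11.2.4-h4). The catch is the hotfix suffix: "10.2.13" is older than "10.2.13-h3", so a plain string or dotted-tuple comparison gets it wrong. The following triage script is an added example, not code from this page or from Palo Alto Networks. It assumes version strings in the PAN-OS form `major.minor.maint[-hN]`, treats a release train not listed in the table (for example 11.0) as needing manual review rather than silently marking it safe, and runs over a constructed inventory of hostnames and versions:

```python
import re
from typing import Dict, Iterable, Tuple

# Fixed releases named in the Operational Fix text above, keyed by release
# train "major.minor". The advisory says "among others", so any train absent
# from this table is reported as "review" instead of being assumed safe.
FIXED_VERSIONS = {
    "10.1": "10.1.14-h9",
    "10.2": "10.2.13-h3",
    "11.1": "11.1.6-h1",
    "11.2": "11.2.4-h4",
}

# PAN-OS version form: major.minor.maintenance with an optional -hN hotfix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.maint[-hN]' into a tuple that compares correctly.

    A base release without a hotfix suffix gets hotfix 0, so it sorts below
    every '-hN' build of the same base release.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess_version(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'review' for one PAN-OS version."""
    parsed = parse_panos_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VERSIONS.get(train)
    if fixed is None:
        # Train not named in the advisory text: compare by hand against the
        # vendor bulletin rather than guessing.
        return "review"
    return "vulnerable" if parsed < parse_panos_version(fixed) else "fixed"


def triage_inventory(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (hostname, version) pair to its assessment."""
    return {host: assess_version(ver) for host, ver in inventory}


# Constructed sample inventory for demonstration; these are not real hosts.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "10.2.13-h2"),   # one hotfix short of the fix
    ("fw-edge-02", "10.2.13-h3"),   # exactly the fixed build
    ("fw-dc-01", "11.2.4"),         # base release below 11.2.4-h4
    ("fw-dc-02", "11.2.5"),         # later maintenance release
    ("fw-lab-01", "11.0.4"),        # train not in the table
    ("fw-branch-01", "10.1.14-h9"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Feed it the version column from your asset inventory or from the devices' own software version output; anything reported as "review" still needs a human comparison against the vendor bulletin, and every "vulnerable" device belongs on the patch list together with the management-access restriction described in the next step.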

Frequently asked questions

What is the Palo Alto Networks PAN-OS authentication bypass vulnerability (CVE-2025-0108)?

This vulnerability in PAN-OS software allows an unauthenticated attacker with network access to the management web interface to bypass authentication and run specific PHP scripts, impacting system integrity and confidentiality.

How can an attacker exploit the PAN-OS authentication bypass vulnerability?

An attacker can exploit this by gaining network access to the PAN-OS management web interface, bypassing authentication, and invoking certain PHP scripts. This can negatively affect the integrity and confidentiality of the PAN-OS system.

What is the primary weakness class for CVE-2025-0108?

The primary weakness class identified for this vulnerability is CWE-306, Missing Authentication for Critical Function, listed above as 'Missing Authentication'.

What is the impact of the PAN-OS authentication bypass, and how can it be mitigated?

While not enabling remote code execution, the bypass can negatively impact the integrity and confidentiality of PAN-OS. To mitigate, restrict access to the management web interface to trusted internal IP addresses and apply vendor patches.

What is the recommended action for organizations facing the PAN-OS authentication bypass?

Organizations should identify all affected PAN-OS assets, restrict access to the management interface to trusted IP addresses, and apply vendor-provided patches. Monitoring systems for any signs of compromise is also crucial.
