High-Severity Palo Alto PAN-OS Vulnerability Alert: CVE-2025-0108


Palo Alto Networks has released security updates for a high-severity vulnerability in its PAN-OS software that lets attackers bypass authentication on the management web interface. The flaw, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10 when the management interface is reachable from untrusted networks; the score drops to 5.1 when access to the interface is restricted to a jump box or a dedicated management network.

What is the Issue?

An unauthenticated attacker with network access to the PAN-OS management web interface can bypass the authentication check and invoke specific PHP scripts that should only be reachable by logged-in administrators. Invoking those scripts does not by itself give remote code execution, but it affects the integrity and confidentiality of the firewall: the attacker may read or manipulate sensitive configuration data, which is a serious exposure for any device that enforces an organization's network security policy.

Affected PAN-OS Versions

The vulnerability impacts the following versions:

  • PAN-OS 11.2 – Versions below 11.2.4-h4 (Fixed in 11.2.4-h4 and later)

  • PAN-OS 11.1 – Versions below 11.1.6-h1 (Fixed in 11.1.6-h1 and later)

  • PAN-OS 11.0 – No fix available (End-of-life on November 17, 2024)

  • PAN-OS 10.2 – Versions below 10.2.13-h3 (Fixed in 10.2.13-h3 and later)

  • PAN-OS 10.1 – Versions below 10.1.14-h9 (Fixed in 10.1.14-h9 and later)
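A practitioner triaging an inventory needs to compare running versions against the fixed releases listed above, and PAN-OS hotfix suffixes ("-h3") do not sort correctly as plain strings. The following Python is an added example written for this page, not Palo Alto Networks code; the fixed-version table is taken from the list above, and the inventory lines are constructed sample data with hypothetical hostnames.

```python
import re
from typing import Optional

# Fixed releases for CVE-2025-0108 per train, as listed in the advisory summary above.
# A train mapped to None has no fix (PAN-OS 11.0 is end-of-life).
FIXED_VERSIONS = {
    (11, 2): "11.2.4-h4",
    (11, 1): "11.1.6-h1",
    (11, 0): None,
    (10, 2): "10.2.13-h3",
    (10, 1): "10.1.14-h9",
}

# major.minor.maintenance with an optional -hN hotfix suffix
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> tuple:
    """Split 'major.minor.maint[-hN]' into a comparable tuple; a missing hotfix counts as h0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is below the fixed release for its train, False if at or above it,
    None if the train is not covered by the advisory (e.g. a 9.x release)."""
    parsed = parse_panos_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2], "unknown")
    if fixed == "unknown":
        return None
    if fixed is None:          # end-of-life train: no fixed release exists
        return True
    # Tuple comparison orders maintenance releases before hotfixes, e.g. 10.2.13-h2 < 10.2.13-h3
    return parsed < parse_panos_version(fixed)


# Constructed sample inventory (hypothetical hostnames): "<hostname> <pan-os version>" per line
SAMPLE_INVENTORY = """\
fw-edge-01 10.2.13-h2
fw-edge-02 10.2.13-h3
fw-dc-01 11.0.4-h5
fw-lab-01 9.1.17
"""


def triage(inventory_text: str) -> dict:
    """Map each host to True (vulnerable), False (fixed) or None (train not in the advisory)."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        hostname, version = line.split()
        results[hostname] = is_vulnerable(version)
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        label = {True: "VULNERABLE", False: "fixed", None: "not covered by advisory"}[status]
        print(f"{host}: {label}")
```

Hosts that come back as None are not "safe"; they are simply outside the trains the advisory addresses and need to be checked against Palo Alto Networks' own support matrix.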

Discovery

Adam Kues, a security researcher at Searchlight Cyber/Assetnote, identified and reported the flaw. According to Kues, the root cause is a discrepancy between the Nginx and Apache components of the management interface in how they interpret the same incoming request: the Nginx front end decides whether a request needs authentication based on the path as it receives it, while Apache decodes and normalizes the path before handing it to PHP. A request whose path contains encoded directory-traversal sequences can therefore be classed as unauthenticated by the first component yet routed to a protected script by the second, which is what allows unauthorized access to system functions.
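The general bug class described above, a front end that makes its authorization decision on the raw request path while the back end routes on a decoded and normalized one, can be shown without any PAN-OS specifics. The following Python is an added illustration written for this page, not Palo Alto Networks code or the researcher's proof of concept; the `/unauth/` prefix and the `/php/admin.php` target are hypothetical route names chosen for the example, and the hardened function shows the check that closes the gap.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical public prefix for this illustration, not an actual PAN-OS route.
UNAUTHENTICATED_PREFIX = "/unauth/"


def proxy_requires_auth(raw_path: str) -> bool:
    """Flawed front-end decision: a literal prefix match on the raw, still-encoded path."""
    return not raw_path.startswith(UNAUTHENTICATED_PREFIX)


def backend_resolve(raw_path: str) -> str:
    """Back-end routing: percent-decode once, then collapse '.' and '..' segments."""
    decoded = unquote(raw_path)
    return posixpath.normpath(decoded)


def is_confused(raw_path: str) -> bool:
    """True when the proxy would wave the request through unauthenticated but the back end
    would route it somewhere outside the public prefix: the path-confusion condition."""
    if proxy_requires_auth(raw_path):
        return False
    route = backend_resolve(raw_path)
    return not (route == "/unauth" or route.startswith(UNAUTHENTICATED_PREFIX))


def proxy_requires_auth_hardened(raw_path: str) -> bool:
    """Hardened decision: canonicalize exactly as the back end will before deciding.
    normpath() turns '/unauth/' itself into '/unauth', so that value is treated as the public directory."""
    canonical = backend_resolve(raw_path)
    return not (canonical == "/unauth" or canonical.startswith(UNAUTHENTICATED_PREFIX))


# Constructed sample requests: the first two are benign, the rest carry traversal sequences.
SAMPLE_PATHS = [
    "/unauth/login.php",
    "/php/admin.php",
    "/unauth/../php/admin.php",
    "/unauth/%2e%2e/php/admin.php",
    "/unauth/%2e%2e/%2e%2e/php/admin.php",
]


def classify(raw_path: str) -> dict:
    return {
        "proxy_requires_auth": proxy_requires_auth(raw_path),
        "backend_route": backend_resolve(raw_path),
        "confused": is_confused(raw_path),
        "hardened_requires_auth": proxy_requires_auth_hardened(raw_path),
    }


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, classify(p))
```

The point of the hardened function is not the specific normalization call but that the component enforcing authentication and the component dispatching the request must agree on one canonical form of the path; any decoding or normalization step the back end performs after the check is a potential bypass.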

Potential Impact

Exploiting this vulnerability can have severe consequences for organizations that rely on Palo Alto Networks firewalls. An attacker who reaches the management interface can alter configurations, disable security policy, or retrieve sensitive information, which can lead to data breaches, service outages, or follow-on attacks that use the compromised firewall as a foothold into the network it protects.

Organizations in sectors such as finance, healthcare, and government, where a perimeter device typically sits in front of regulated data, are particularly exposed. They should apply the patches promptly and verify that the management interface is not reachable from untrusted networks.

Other Security Flaws Fixed

Along with CVE-2025-0108, Palo Alto Networks has also addressed two additional vulnerabilities:

  • CVE-2025-0109 (CVSS Score: 5.5) – A file deletion vulnerability in the PAN-OS management web interface. This flaw allows unauthenticated attackers with network access to delete specific files, including logs and configuration files, as the “nobody” user. Fixed in PAN-OS 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, and 10.1.14-h9.

  • CVE-2025-0110 (CVSS Score: 7.3) – A command injection vulnerability in the PAN-OS OpenConfig plugin. This flaw lets authenticated administrators bypass system restrictions and execute arbitrary commands using gNMI requests. Fixed in OpenConfig Plugin version 2.1.2.


Mitigation

Palo Alto Networks strongly advises customers to take the following precautions to reduce the risk of exploitation:

  • Do not expose the PAN-OS management interface to the internet; restrict it to a dedicated management network or jump box using an allow-list of trusted internal IP addresses. This is the configuration under which the advisory's reduced score of 5.1 applies, and it is a mitigation, not a replacement for the patch.

  • Apply the latest security updates to patch the vulnerabilities.

  • If OpenConfig is not in use, disable or uninstall the plugin to prevent potential exploitation.

  • Monitor network logs for unusual activity and implement strict access controls.

Organizations should also consider Zero Trust Architecture (ZTA) principles, which emphasize strict verification and least-privilege access. This can significantly reduce the impact of authentication bypass vulnerabilities by limiting who and what has access to critical systems.

Industry Response and Best Practices

Security practitioners have urged Palo Alto Networks customers to prioritize patching this vulnerability, and the incident again underlines the value of proactive vulnerability management and regular security audits.

Businesses should also enable multi-factor authentication (MFA) wherever it is supported. MFA will not stop this particular flaw, because the bypass skips the authentication step altogether rather than defeating a credential check, but a layered strategy that combines MFA, network segmentation of management interfaces, and regular penetration testing limits both the reach and the impact of flaws of this kind.

History of PAN-OS Security Issues

This is not the first time Palo Alto Networks has had to address vulnerabilities in PAN-OS. Previous issues have included critical firewall bypass flaws and zero-day vulnerabilities exploited in the wild. While the company is proactive in releasing security patches, these incidents highlight the ongoing need for vigilance and continuous security monitoring.

Conclusion

The CVE-2025-0108 vulnerability poses a significant security risk, making it essential for Palo Alto Networks customers to update their systems immediately. Organizations should also review their security configurations and restrict access to critical management interfaces. By following best practices and keeping software up to date, businesses can minimize exposure to cyber threats.

For the latest updates and detailed security recommendations, visit the Palo Alto Networks security advisory page.
