Palo Alto Networks PAN-OS security vulnerability (CVE‑2025‑0108)

CVE‑2025‑0108 is an authentication bypass vulnerability found in Palo Alto Networks’ PAN‑OS software. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass standard authentication and invoke specific PHP scripts. While the flaw doesn’t directly lead to remote code execution, it can compromise the confidentiality and integrity of the device’s management functions by exposing sensitive configuration data and potentially altering firewall settings. The root cause is a discrepancy in how the PAN‑OS web server components (notably Nginx and Apache) handle HTTP requests, which creates a pathway for bypassing authentication checks. This issue is classified under CWE‑306 (“Missing Authentication for Critical Function”) and is considered high severity.

The issue affects several PAN‑OS versions, specifically:

• PAN‑OS 10.1 versions earlier than 10.1.14‑h9
• PAN‑OS 10.2 versions earlier than 10.2.13‑h3
• PAN‑OS 11.1 versions earlier than 11.1.6‑h1
• PAN‑OS 11.2 versions earlier than 11.2.4‑h4
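
A version check built from the list above, as an added example that is not part of the original advisory: it parses PAN-OS version strings, including the `-hN` hotfix suffix, and compares each one with the first fixed build of its release train. It assumes the four thresholds listed here are the only fixed builds; the function names and the hostnames and versions in `SAMPLE` are constructed for illustration.

```python
import re

# First fixed build per release train, taken from the list above.
FIXED = {(10, 1): "10.1.14-h9", (10, 2): "10.2.13-h3",
         (11, 1): "11.1.6-h1", (11, 2): "11.2.4-h4"}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")


def parse(version):
    """Return (major, minor, maintenance, hotfix) for a PAN-OS version string."""
    # Text copied from web pages often carries U+2011 (non-breaking hyphen).
    cleaned = version.strip().replace("\u2011", "-").lower()
    m = _VERSION.fullmatch(cleaned)
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    # A build without a hotfix suffix sorts before -h1 of the same release.
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_affected(version):
    """True/False for a listed train, None when the train is not in the list."""
    parsed = parse(version)
    fixed = FIXED.get(parsed[:2])
    if fixed is None:
        return None  # train not covered by the list: needs a manual check
    return parsed < parse(fixed)


def triage(inventory):
    """Map hostname -> 'affected' | 'fixed' | 'unknown' | 'unparsed'."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[is_affected(version)]
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"fw-edge-1": "10.2.13-h2", "fw-edge-2": "10.2.13-h3",
          "fw-dc-1": "11.1.6", "fw-dc-2": "11.2.5",
          "fw-lab": "9.1.16", "fw-x": "n/a"}

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(f"{host}: {state}")
```

Devices reported as `unknown` or `unparsed` are outside what the list covers and need a manual check.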

Palo Alto Networks has released patches to address this vulnerability. Administrators are strongly advised to update their PAN-OS software to the latest version promptly. Additionally, it’s recommended to restrict access to the management web interface from untrusted networks to mitigate potential exploitation risks.

Reports indicate that attempts to exploit CVE-2025-0108 began shortly after its disclosure.
