CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability
CVE-2025-0108 Description
CVE-2025-0108 is a critical authentication bypass vulnerability identified in Palo Alto Networks’ PAN-OS software, which powers the company’s next-generation firewalls. Discovered by the Assetnote security research team, this flaw allows unauthenticated attackers with network access to the management web interface to bypass authentication mechanisms and invoke specific PHP scripts. While this vulnerability does not permit remote code execution on its own, it significantly compromises the integrity and confidentiality of the PAN-OS system by granting unauthorized access to sensitive management functions.
What is Vulnerable to CVE-2025-0108
The vulnerability affects multiple versions of PAN-OS. Specifically, systems running the following versions are at risk:
- PAN-OS 11.2 versions earlier than 11.2.4-h4
- PAN-OS 11.1 versions earlier than 11.1.6-h1
- PAN-OS 10.2 versions earlier than 10.2.13-h3
- PAN-OS 10.1 versions earlier than 10.1.14-h9
It’s important to note that Cloud NGFW and Prisma Access software are not affected by this vulnerability. Additionally, PAN-OS 11.0 has reached its end of life as of November 17, 2024, and will not receive updates; users are advised to upgrade to a supported version.
Mitigation and Remediation for CVE-2025-0108
To protect systems from potential exploitation of CVE-2025-0108, administrators should take the following actions:
Upgrade PAN-OS: Update to a fixed release for your maintenance branch:
- Upgrade to PAN-OS 11.2.4-h4 or later
- Upgrade to PAN-OS 11.1.6-h1 or later
- Upgrade to PAN-OS 10.2.13-h3 or later
- Upgrade to PAN-OS 10.1.14-h9 or later
These updates are available through Palo Alto Networks’ support portal.
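The affected-version and fixed-version lists above map onto a simple comparison rule: a device is vulnerable when its version sorts below the first fixed release of its own maintenance branch, where a missing hotfix suffix counts as hotfix 0 (so 11.2.4 is earlier than 11.2.4-h4). The following Python script is an added example, not code from Palo Alto Networks or from this advisory; it encodes only the branches and thresholds listed on this page, treats 11.0 as end-of-life per the text, and assumes version strings in the `major.minor.maintenance[-hN]` form shown here (other suffix styles are rejected rather than guessed). Hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import NamedTuple


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    maintenance: int
    hotfix: int  # 0 when the version string carries no -hN suffix


# Assumption: versions look like "10.2.13-h3" or "11.2.4"; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> PanOsVersion:
    """Parse a PAN-OS version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return PanOsVersion(int(major), int(minor), int(maint), int(hotfix or 0))


# First fixed release per maintenance branch, taken from the advisory text.
FIXED_RELEASES = {
    (11, 2): parse_version("11.2.4-h4"),
    (11, 1): parse_version("11.1.6-h1"),
    (10, 2): parse_version("10.2.13-h3"),
    (10, 1): parse_version("10.1.14-h9"),
}

# Branch the advisory lists as end-of-life: no fix will be published for it.
END_OF_LIFE_BRANCHES = {(11, 0)}


def assess(version_text: str) -> str:
    """Return 'fixed', 'vulnerable', or an explanatory status for one device."""
    v = parse_version(version_text)
    branch = (v.major, v.minor)
    if branch in END_OF_LIFE_BRANCHES:
        return "end-of-life: upgrade to a supported branch"
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        return "unknown: branch not covered by this advisory"
    # Tuple comparison is lexicographic, so the hotfix field breaks ties
    # between e.g. 11.2.4 (hotfix 0) and 11.2.4-h4.
    return "vulnerable" if v < fixed else "fixed"


def assess_inventory(inventory: dict) -> dict:
    """Map each hostname to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "fw-dc1": "11.2.4-h4",
        "fw-dc2": "11.2.4",
        "fw-branch": "10.1.14-h9",
        "fw-lab": "10.2.12-h2",
        "fw-legacy": "11.0.4",
    }
    for host, verdict in assess_inventory(sample).items():
        print(f"{host:12} {sample[host]:12} {verdict}")
```

Feed it the versions exported from your device inventory; anything reported as "unknown" belongs to a branch this advisory does not list and should be checked against the vendor's own advisory rather than assumed safe.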
Restrict Management Interface Access: Limit access to the management web interface to trusted internal IP addresses only. Block external access to the interface at the firewall and ensure that only authorized internal networks can reach it.
Monitor for Unusual Activity: Regularly inspect logs and network traffic for signs of unauthorized access or exploitation attempts. Given that proof-of-concept exploits are publicly available and active exploitation has been observed, heightened vigilance is essential.
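The two controls above combine naturally into a log triage check: any request that reaches the management interface from outside the trusted admin ranges is a policy violation, and a request from such a source that invokes a PHP script and gets a success response is the pattern this vulnerability class produces. The script below is an added example written for this page, not a Palo Alto Networks tool or detection signature. It assumes a combined-style web access log (client IP, timestamp, request line, status) and constructed trusted ranges, script paths and IP addresses; replace the allowlist with the ranges actually configured on your management interface.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

# Trusted management-plane source ranges. Constructed example values;
# substitute the networks permitted by your own management interface ACL.
TRUSTED_ADMIN_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("192.168.100.0/24"),
]

# Assumed combined-style access log format: ip ident user [ts] "METHOD path proto" status size
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass
class Finding:
    timestamp: str
    source: str
    method: str
    path: str
    status: int
    severity: str
    reason: str


def is_trusted(ip_text: str) -> bool:
    """True when the source address falls inside an allowlisted admin range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address is never trusted
    return any(ip in net for net in TRUSTED_ADMIN_NETWORKS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Flag management-interface requests from untrusted sources.

    PHP script hits that returned 2xx are rated high (the script ran for an
    unauthorised caller); other PHP hits medium; any other untrusted reach low.
    """
    findings: List[Finding] = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        src = m["ip"]
        if is_trusted(src):
            continue
        path = m["path"].split("?", 1)[0]  # drop the query string
        status = int(m["status"])
        if path.lower().endswith(".php"):
            severity = "high" if 200 <= status < 300 else "medium"
            reason = "untrusted source invoked a PHP script on the management interface"
        else:
            severity = "low"
            reason = "untrusted source reached the management interface"
        findings.append(Finding(m["ts"], src, m["method"], path, status, severity, reason))
    return findings


def sources_by_severity(findings: List[Finding], severity: str) -> List[str]:
    """Distinct source addresses with at least one finding of the given severity."""
    return sorted({f.source for f in findings if f.severity == severity})


# Constructed sample log lines; paths and addresses are placeholders.
SAMPLE_LOG = [
    '10.20.0.15 - - [13/Feb/2025:09:12:01 +0000] "GET /mgmt/example_login.php HTTP/1.1" 200 1532',
    '198.51.100.7 - - [13/Feb/2025:09:13:44 +0000] "GET /mgmt/example_login.php HTTP/1.1" 200 1532',
    '198.51.100.7 - - [13/Feb/2025:09:13:45 +0000] "POST /mgmt/example_admin.php?x=1 HTTP/1.1" 200 488',
    '203.0.113.9 - - [13/Feb/2025:09:14:10 +0000] "GET /robots.txt HTTP/1.1" 404 196',
    '203.0.113.9 - - [13/Feb/2025:09:14:11 +0000] "GET /mgmt/example_admin.php HTTP/1.1" 403 210',
    "not a log line",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.timestamp} {f.source:15} {f.method} {f.path} -> {f.status}: {f.reason}")
```

Run it against the management interface's access log; in a correctly restricted deployment the output should be empty, so every finding is either an ACL gap to close or an access attempt to investigate.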
Impact of Successful Exploitation of CVE-2025-0108
Exploiting CVE-2025-0108 allows attackers to bypass authentication on the PAN-OS management web interface, granting them unauthorized access to sensitive PHP scripts. While this does not enable remote code execution directly, it can lead to severe consequences, including:
- Exposure of Sensitive Information: Attackers may access configuration files, system settings, and other confidential data, potentially leading to further network compromise.
- System Integrity Compromise: Unauthorized changes to firewall rules or system configurations can be made, undermining the security posture of the organization.
Moreover, there have been reports of attackers chaining CVE-2025-0108 with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111, to achieve more extensive system compromises, including remote code execution.
Proof of Concept for CVE-2025-0108
A proof-of-concept (PoC) exploit for CVE-2025-0108 has been publicly released, demonstrating the feasibility of exploiting this vulnerability. The PoC involves crafting specific HTTP requests that manipulate the way the management web interface processes authentication, allowing unauthorized access to protected PHP scripts. Security researchers have detailed the exploit methodology, emphasizing the importance of prompt patching and adherence to security best practices to mitigate potential threats.
Given the availability of the PoC and active exploitation in the wild, it is imperative for organizations using vulnerable versions of PAN-OS to implement the recommended updates and security measures without delay to protect their networks from potential attacks.