- Palo Alto Networks fixes PAN-OS authentication bypass flaw
- One day after the patch was released, criminals began looking for vulnerable endpoints
- The flaw allows them to execute different PHP scripts
A vulnerability in Palo Alto Networks firewalls is being abused in attacks, researchers say.
The company recently discovered and fixed an authentication bypass vulnerability in its PAN-OS firewalls. The flaw, tracked as CVE-2025-0108, has a severity score of 8.8/10 (high) and reportedly affected several versions of the product.
It published a fix on February 12, 2025, urging users to upgrade their firewalls to these versions:
- 11.2.4-H4 or later
- 11.1.6-H1 or later
- 10.2.13-H3 or later
- 10.1.14-H9 or later
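As an added example (not from the article or from Palo Alto Networks), the following check compares firewall versions from an inventory against the four minimum fixed releases listed above. The hostnames and versions in the inventory are constructed sample values, the `major.minor.maintenance-hN` version format is an assumption, and branches the article does not list are reported as unknown rather than guessed.

```python
import re

# Minimum fixed release per PAN-OS branch, as listed in the article above.
FIXED = {
    (11, 2): (4, 4),   # 11.2.4-h4
    (11, 1): (6, 1),   # 11.1.6-h1
    (10, 2): (13, 3),  # 10.2.13-h3
    (10, 1): (14, 9),  # 10.1.14-h9
}

# Assumed format: major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Split 'major.minor.maint[-hN]' into ((major, minor), (maint, hotfix))."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint = (int(match.group(i)) for i in (1, 2, 3))
    hotfix = int(match.group(4) or 0)  # no suffix means the base release
    return (major, minor), (maint, hotfix)


def patch_status(text):
    """Return 'patched', 'needs-upgrade' or 'unknown' for one version string."""
    try:
        branch, release = parse_version(text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown"  # branch not covered by the article's list
    return "patched" if release >= fixed else "needs-upgrade"


# Constructed inventory (hostnames and versions are sample values).
INVENTORY = {
    "fw-edge-01": "11.2.4-h4",
    "fw-edge-02": "11.2.4-H1",
    "fw-branch-01": "10.2.13",
    "fw-branch-02": "10.1.14-h9",
    "fw-lab-01": "11.0.6",
    "fw-dc-01": "11.1.7",
}

if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        print(f"{host:14} {version:12} {patch_status(version)}")
```

The check applies only the four minimums quoted here, so the vendor advisory remains the authority for any build it reports as needs-upgrade or unknown.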
Exploit attempts
The vulnerability affects the PAN-OS management web interface and allows malicious actors to execute different PHP scripts. This, in turn, allows the exfiltration of sensitive data, tampering with the firewall's configuration, and more.
Now, security researchers from GreyNoise say they have observed attempts to exploit the flaw against vulnerable endpoints. The attacks, they said, started one day after Palo Alto Networks published the patch (February 13) and came from several IP addresses, which could suggest that multiple attackers picked up the vulnerability at the same time.
Citing information from Macnica researcher Yutaka Sejiyama, BleepingComputer reported that the attack surface probably includes more than 4,400 devices.
To protect their firewalls, users should apply the fix as soon as possible and restrict access to the management interface.
Firewalls used by SMEs are often targeted because these types of businesses generally have weaker security configurations and outdated firmware. Many SMEs lack dedicated IT teams, leading to misconfigured firewall rules that create vulnerabilities. In addition, threat actors can use firewalls as entry points to bypass network defenses and gain deeper access to internal systems. Once compromised, firewalls can be used to intercept sensitive data, launch other attacks, or completely disable security measures.
Via BleepingComputer




