Published 10 days ago • loading... • Updated 9 days ago

Hackers Exploiting Newly Discovered PAN-OS Authentication Bypass Vulnerability

Summary by IT Security News - Cybersecurity, Infosecurity News

Threat actors actively exploit a new high-severity vulnerability, CVE-2025-0108, in Palo Alto Networks’ PAN-OS. This exploit allows attackers to bypass authentication, execute certain PHP scripts, and potentially gain unauthorized access to affected systems. With the widespread use of PAN-OS in… Read more → The post Hackers Exploiting Newly Discovered PAN-OS Authentication Bypass Vulnerability appeared first on IT Security News.

This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.

8 Articles

All

Left

Center

Right

Laminute.info

Palo Alto Networks Firewall Bug is exploited by threat actors: Report

The problem does not affect the company's cloud NGFW or Prisma Access software. Greynoise stated that the operation had started on Tuesday of this week. AssetNote published research on the hole on Wednesday. Palo Alto Networks published its opinion on the same day. "A path processing behavior'' Vulnerability," said AssetNote, "is a strange path processing behavior" in the part of the HTTP Apache server of Pan-OS, which, together with Nginx, mana…

9 days ago

Read Full Article

Network World

Palo Alto Networks firewall bug being exploited by threat actors: Report

Admins with firewalls from Palo Alto Networks should make sure the devices are fully patched and the management interface blocked from open internet access after the discovery this week of a zero-day login authentication bypass in the PAN-OS operating system. The discovery of the vulnerability (CVE-2025-0108) was made by researchers at Assetnote and, according to researchers at Greynoise, is already being exploited. For its part, Palo Alto Netwo…

9 days ago

Read Full Article

Security Boulevard

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, unauthenticated attackers can bypass authentication to access the management web interface of PAN-OS device and call some PHP scripts, thus obtaining sensitive […] The post Palo Alto Networks PAN-OS Authentication Byp…

9 days ago

Read Full Article

Malware Analysis, News and Indicators

Palo Alto Networks PAN-OS flaw risks authentication bypass

The vulnerability stems from path confusion between Nginx and Apache components. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra cost to you. Article Link: Palo Alto Networks PAN-OS flaw risks authentication bypass

9 days ago

Read Full Article

Help Net Security

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) - Help Net Security

Palo Alto Networks has fixed a high-severity PAN-OS authentication bypass vulnerability (CVE-2025-0108), with a public PoC.

10 days ago

Read Full Article

The Hacker News

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an

10 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year