Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Palo Alto Networks Patches Potentially Serious Firewall Vulnerability

Palo Alto Networks has published 10 new security advisories, including one for a high-severity firewall authentication bypass vulnerability.

Palo Alto firewall vulnerabilities

Palo Alto Networks on Wednesday published 10 new security advisories to inform customers about the impact of new and previously known vulnerabilities on its products.

The most important advisory seems to be for a flaw tracked as CVE-2025-0108, which the vendor described as a PAN-OS issue that allows an unauthenticated attacker with network access to the targeted firewall’s management interface to bypass authentication and invoke certain PHP scripts.

“While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS,” Palo Alto Networks explained.

The company has released patches for affected PAN-OS versions, as well as workarounds and mitigations, noting that exposure is significantly reduced if only trusted internal IP addresses are allowed to access the management interface.

Palo Alto has assigned the vulnerability a severity rating of ‘high’ based on a CVSS score of 7.8, but there is no evidence of in-the-wild exploitation and the company has assigned it a ‘moderate’ urgency rating. 

However, Assetnote researchers, who discovered CVE-2025-0108 while analyzing two Palo Alto firewall vulnerabilities that have been exploited in attacks, described it as a critical vulnerability that can lead to remote code execution if combined with another vulnerability. 

Searchlight Cyber, which recently acquired Assetnote, on Wednesday disclosed technical details of the vulnerability. 

Another noteworthy advisory published by Palo Alto Networks on Wednesday describes CVE-2025-0110, a PAN-OS vulnerability that also has a severity rating of ‘high’ and an urgency rating of ‘moderate’. This is a command injection flaw, but its exploitation requires administrator privileges.

Advertisement. Scroll to continue reading.

Advisories have also been published for medium-severity issues in the Cortex XDR agent (allows disabling the agent) and Cortex XDR Broker (unauthorized access), and PAN-OS (file read and file deletion).

One advisory describes recent Chromium updates (Palo Alto Networks’ Prisma Access Browser is based on Chromium). Other advisories inform customers that various third-party component vulnerabilities do not affect PAN-OS. 

None of the vulnerabilities described in the latest round of advisories has been exploited in the wild, according to Palo Alto Networks. 

Related: Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls

Related: Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool

Related: Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this in-depth briefing on how to protect executives and the enterprises they lead from the growing convergence of digital, narrative, and physical attacks.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Cybersecurity firm Absolute Security announced Harold Rivas as its new CISO.

Simon Forster has been named the new General Manager of DNS security firm Quad9.

Cybersecurity training company Immersive has named Mark Schmitz as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.