Full Report
The US cybersecurity giant says hackers are exploiting the high-severity flaw to break into unpatched customer networks. © 2024 TechCrunch.
Analysis Summary
# Vulnerability: Actively Exploited PAN-OS Firewall Vulnerability Chained with Two Other Flaws
## CVE Details
- CVE ID: CVE-2025-0108
- CVSS Score: Not specified in the provided text.
- CWE: Not specified in the provided text.
## Affected Systems
- Products: Palo Alto Networks Firewalls running PAN-OS
- Versions: Unpatched systems are vulnerable. Specific version ranges are not detailed in the summary, but the urgency of patching is stressed.
- Configurations: Specifically targets unpatched and unsecured PAN-OS web management interfaces.
## Vulnerability Description
A recently disclosed vulnerability in PAN-OS (CVE-2025-0108) is being actively exploited. Malicious actors chain it with two previously disclosed flaws (CVE-2024-9474 and CVE-2025-0111) to compromise customer networks. The complexity of the chained attack is reported as "low."
## Exploitation
- Status: Exploited in the wild (Active attack confirmed by Palo Alto and observed by GreyNoise).
- Complexity: Low
- Attack Vector: Likely Network, targeting the web management interface.
## Impact
- Confidentiality: High potential impact due to unauthorized access via chained exploits.
- Integrity: High potential impact due to system compromise.
- Availability: High potential impact due to unauthorized access/control over firewall infrastructure.
## Remediation
### Patches
- Palo Alto Networks released an advisory urging customers to urgently patch against the bug. Specific patch version numbers were not provided in the excerpt, but direct patching is the main recommendation.
### Workarounds
- Specific workarounds were not detailed in the provided text, but securing the PAN-OS web management interface is implied as critical.
## Detection
- GreyNoise observed an uptick in malicious exploitation attempts originating from at least 25 unique IP addresses as of February 18, 2025.
- Detection methods: Security monitoring tools should look for activity associated with the exploitation chain involving CVE-2025-0108, CVE-2024-9474, and CVE-2025-0111 targeting PAN-OS web management interfaces.
## References
- Vendor Advisory: hxxps://security.paloaltonetworks.com/CVE-2025-0108
- Assetnote discovery lead: CVE-2025-0108
- Related Exploited Flaw: CVE-2024-9474
- Chained Flaw: CVE-2025-0111
- Threat Intelligence Observation: hxxps://www.greynoise.io/blog/greynoise-observes-active-exploitation-of-pan-os-authentication-bypass-vulnerability-cve-2025-0108#GreyNoise