A high-severity authentication bypass vulnerability in PAN-OS software, CVE-2025-0108, was disclosed. This flaw allows unauthenticated attackers with network access to bypass authentication and invoke PHP scripts, compromising system integrity and confidentiality. Read this Cybersecurity Threat Advisory to learn how you can protect your organization from this vulnerability.
What is the threat?
CVE-2025-0108 is an authentication bypass in Palo Alto Networks’ PAN-OS, caused by inconsistent handling of web requests by Nginx, Apache, and the embedded PHP application. This discrepancy allows an unauthenticated attacker to craft HTTP requests that bypass the authentication mechanism, granting unauthorized access to certain PHP scripts. Exploitation requires the attacker to have network access to the PAN-OS management interface. By sending crafted requests that omit proper authentication tokens, the attacker can invoke PHP scripts intended only for authorized users. This unauthorized access can lead to exposure of sensitive configuration data and potential modification of firewall settings, thereby compromising network security.
Why is it noteworthy?
This vulnerability is particularly dangerous because it does not require valid credentials. Attackers need only network access to the management interface to exploit it. The ability for an unauthenticated attacker to bypass authentication mechanisms and access sensitive functions within the PAN-OS management interface poses a significant security risk. Because a proof-of-concept exploit has been made public, widespread exploitation is more likely. Organizations using affected PAN-OS versions must swiftly mitigate this threat and protect their network infrastructure.
What is the exposure or risk?
The vulnerability affects multiple PAN-OS versions, including 10.1, 10.2, 11.1, and 11.2. Organizations with vulnerable PAN-OS installations face risks such as unauthorized access to sensitive data, firewall changes, and network security breaches. Exposing the management interface to untrusted networks or the internet significantly increases the risk. It is crucial to restrict access and apply security updates immediately.
What are the recommendations?
Barracuda strongly recommends taking the following actions to protect your network against this threat:
- Update PAN-OS to a fixed release for your version: 11.2.4 H4 or later, 11.1.6 H1 or later, 10.2.13 H3 or later, or 10.1.14 H9 or later.
- Ensure access to the PAN-OS management web interface is limited to trusted internal IP addresses only.
- Avoid exposing the management interface to the internet or untrusted networks.
- Regularly review firewall and management interface configurations to ensure adherence to security best practices and to minimize potential attack vectors.
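To check a device inventory against the fixed releases listed above, the following added example (not part of the original advisory or any vendor tooling) parses PAN-OS version strings and flags devices below the listed minimum for their release train. The hostnames and inventory are constructed; the hotfix suffix is accepted as either `H4` or `-h4`, and a hotfix build on an older maintenance release is treated as below the minimum.

```python
import re

# Minimum fixed builds per release train, taken from the recommendations above:
# (major, minor) -> (maintenance, hotfix)
FIXED = {
    (11, 2): (4, 4),    # 11.2.4 H4
    (11, 1): (6, 1),    # 11.1.6 H1
    (10, 2): (13, 3),   # 10.2.13 H3
    (10, 1): (14, 9),   # 10.1.14 H9
}

# Accepts "11.2.4", "11.2.4 H4" and "11.2.4-h4" (case-insensitive hotfix suffix).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[\s-]*h(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def assess(version):
    """Classify one version string as 'patched', 'needs_update' or 'unlisted'."""
    major, minor, maint, hotfix = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unlisted"  # train not named in this advisory; consult the vendor
    return "patched" if (maint, hotfix) >= fixed else "needs_update"


def triage(inventory):
    """Map hostname -> status; unparseable versions are reported, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = assess(version)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {"fw-edge-01": "11.2.4-h4", "fw-edge-02": "11.1.6",
                    "fw-dc-01": "10.2.13 H3", "fw-lab-01": "10.1.14-h8",
                    "fw-lab-02": "11.0.6", "fw-old-01": "unknown"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:12} {status}")
```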
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.