Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software program that might lead to an authentication bypass.
The vulnerability, tracked as CVE-2025-0108, carries a CVSS rating of seven.8 out of 10.0. The rating, nevertheless, drops to five.1 if entry to the administration interface is restricted to a bounce field.
“An authentication bypass within the Palo Alto Networks PAN-OS software program permits an unauthenticated attacker with community entry to the administration net interface to bypass the authentication in any other case required by the PAN-OS administration net interface and invoke sure PHP scripts,” Palo Alto Networks mentioned in an advisory.
“Whereas invoking these PHP scripts doesn’t allow distant code execution, it may negatively affect the integrity and confidentiality of PAN-OS.”
The vulnerability impacts the next variations –
- PAN-OS 11.2 < 11.2.4-h4 (Mounted in >= 11.2.4-h4)
- PAN-OS 11.1 < 11.1.6-h1 (Mounted in >= 11.1.6-h1)
- PAN-OS 11.0 (Improve to a supported fastened model because it has reached end-of-life standing on November 17, 2024)
- PAN-OS 10.2 < 10.2.13-h3 (Mounted in >= 10.2.13-h3
- PAN-OS 10.1 < 10.1.14-h9 (Mounted in >= 10.1.14-h9)
Searchlight Cyber/Assetnote security researcher Adam Kues, who’s credited with discovering and reporting the flaw, mentioned the security defect has to do with a discrepancy in how the interface’s Nginx and Apache elements deal with incoming requests, leading to a listing traversal assault.
Palo Alto Networks has additionally shipped updates to resolve two different flaws –
- CVE-2025-0109 (CVSS rating: 5.5) – An unauthenticated file deletion vulnerability within the Palo Alto Networks PAN-OS administration net interface that allows an attacker with community entry to the administration net interface to delete sure information because the “no person” consumer, together with restricted logs and configuration information (Mounted in PAN-OS variations 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, and 10.1.14-h9)
- CVE-2025-0110 (CVSS rating: 7.3) – A command injection vulnerability within the Palo Alto Networks PAN-OS OpenConfig plugin that allows an authenticated administrator with the flexibility to make gNMI requests to the PAN-OS administration net interface to bypass system restrictions and run arbitrary instructions (Mounted in PAN-OS OpenConfig Plugin model 2.1.2)
To mitigate the danger posed by the vulnerability, it is extremely suggested to disable entry to the administration interface from the web or any untrusted community. Clients who don’t use OpenConfig can both select to disable or uninstall the plugin from their situations.
