This new vulnerability brings to thoughts an nearly an identical Palo Alto Networks DoS challenge from late 2024, CVE-2024-3393, that additionally put affected firewalls into upkeep mode. On that event, attackers came upon in regards to the challenge earlier than patches appeared, making it a zero-day vulnerability.
Extra lately, in December, risk intelligence firm GreyNoise seen an uptick in automated login makes an attempt concentrating on each GlobalProtect and Cisco VPNs, whereas earlier in 2025, PAN-OS was affected by a critical zero day flaw, CVE-2025-0108, that allowed attackers to bypass login authentication.
“In response to Palo Alto Networks’ security advisories, the corporate has reported nearly 500 vulnerabilities up to now, a lot of which affected PAN-OS. A big minority associated to DoS points,” a spokesperson for risk intelligence firm Flashpoint noticed. “[But] a notable portion of Palo Alto disclosures traditionally didn’t obtain CVE identifiers, notably older PAN-OS points, which may complicate longitudinal comparability throughout distributors.”
