U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks.
Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday.
Cybersecurity firm Assetnote first discovered the vulnerability, tracked as CVE-2025-0108, earlier this month while analyzing two previous Palo Alto firewall vulnerabilities that had been used in earlier attacks.
Palo Alto Networks released an advisory on the same day and urged customers to urgently patch against the latest bug. The company updated its advisory on Tuesday to warn that the vulnerability is under active attack.
The company said malicious attackers are chaining the vulnerability with two previously disclosed flaws, CVE-2024-9474 and CVE-2025-0111, to target unpatched and unsecured PAN-OS web management interfaces. CVE-2024-9474 has been exploited in attacks since November 2024, as we previously reported.
Palo Alto Networks hasn’t explained how hackers are chaining the three vulnerabilities together, but noted that the complexity of the attack is “low.”
The scale of the exploitation is not yet known, but threat intelligence startup GreyNoise said in a blog post on Tuesday that it has observed 25 IP addresses actively exploiting the PAN-OS vulnerability, up from two IP addresses on February 13, suggesting an uptick in exploitation activity. The exploitation attempts have been flagged by GreyNoise as “malicious,” suggesting that threat actors are behind the exploitation rather than security researchers.
“This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems,” GreyNoise said.
GreyNoise says it has observed the highest levels of attack traffic in the U.S., Germany, and the Netherlands.
It’s not known who is behind these attacks, or whether any sensitive data has been stolen from customers’ networks. Palo Alto Networks did not immediately respond to information.killnetswitch’s questions.
CISA, the U.S. government’s cybersecurity agency, added the latest Palo Alto bug to its publicly listed Known Exploited Vulnerabilities (KEV) catalog on Tuesday.