CVE-2025-0108
Published: 12 February 2025
Description
Adversaries may access network configuration files to collect sensitive data about the device and the network.
Security Summary
CVE-2025-0108 is an authentication bypass vulnerability in the Palo Alto Networks PAN-OS software, affecting the management web interface. Published on 2025-02-12, it allows an unauthenticated attacker with network access to bypass authentication and invoke certain PHP scripts. While this does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS. The vulnerability does not affect Cloud NGFW or Prisma Access software and is associated with CWE-306 (Missing Authentication for Critical Function), earning a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An unauthenticated attacker who has network access to the exposed PAN-OS management web interface can exploit this vulnerability with low complexity and no privileges required. Successful exploitation enables the attacker to invoke specific PHP scripts, potentially compromising the confidentiality and integrity of the firewall configuration or data without disrupting availability.
Palo Alto Networks' advisory states that risk is greatly reduced by restricting management web interface access to only trusted internal IP addresses, in line with its best-practices deployment guidelines. A patch is available via the official security advisory at https://security.paloaltonetworks.com/CVE-2025-0108.
A public proof-of-concept exploit is available on GitHub at https://github.com/iSee857/CVE-2025-0108-PoC, and reports indicate active exploitation in the wild: Palo Alto Networks has tagged the flaw as exploited, and CISA researchers are urging immediate patching.
Details
- CWE(s)
- KEV Date Added: 18 February 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-0108 enables unauthenticated access to the PAN-OS management web interface (T1190, T1210). Chained exploitation facilitates collection of local data, including configuration files (T1005, T1602.002).