Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers

Palo Alto Networks fixes authentication bypass PAN-OS flaw
A day after the patch was released, criminals started looking for vulnerable endpoints
The flaw allows them to run different PHP scripts

A vulnerability in Palo Alto Networks firewalls is being abused in in-the-wild attacks, researchers are saying.

The company recently found, and fixed, an authentication bypass vulnerability in its PAN-OS firewalls. The flaw, tracked as CVE-2025-0108, has a severity score of 8.8/10 (high), and was said to affect multiple versions of the product.

It released a fix on February 12, 2025, urging users to upgrade their firewalls to these versions:

11.2.4-h4 or later
11.1.6-h1 or later
10.2.13-h3 or later
10.1.14-h9 or later

Exploit attempts

The vulnerability impacts the PAN-OS management web interface, and allows malicious actors to run different PHP scripts. This, in turn enables sensitive data exfiltration, firewall configuration tampering, and more.

Now, researchers from the security outlet GreyNoise said they observed attempts to exploit the flaw on unpatched endpoints. The attacks, they said, started a day after Palo Alto Networks released the patch (February 13), and came from multiple IP addresses, which could suggest that more attackers picked up on the vulnerability at the same time.

Citing information from Macnica researcher Yutaka Sejiyama, BleepingComputer reported that the attack surface likely counts more than 4,400 devices.

To protect the firewalls, users should apply the patch as soon as possible, and restrict access to the product’s interface, as soon as possible.

Firewalls used by SMBs are often targets because these types of businesses typically have weaker security configurations and outdated firmware. Many SMBs lack dedicated IT teams, leading to misconfigured firewall rules that create vulnerabilities. Furthermore, threat actors can use firewalls as entry points to bypass network defenses and gain deeper access to internal systems. Once compromised, firewalls can be used to intercept sensitive data, launch further attacks, or disable security measures altogether.

Via BleepingComputer

Source link

You Might Also Like

AMD could add a Multimedia IO Die to the MI400, its fastest APU ever, and I have a theory as to what it could be

“This is a wake-up call” – the DeepSeek disruption: 10 experts weigh in

Google just set the date for I/O 2025, and get ready for the next big version of Gemini

Leave a Reply Cancel reply