
Critical Vulnerabilities in PAN-OS Management Interface and Other Palo Alto Networks Products

Recent developments have highlighted critical vulnerabilities in the management web interface of Palo Alto Networks' next-generation firewalls, specifically CVE-2025-0108, a high-severity authentication bypass vulnerability. This flaw, discovered by Assetnote researchers, allows attackers to exploit variations in how Nginx, Apache, and PHP components handle web requests. Although no malicious exploitation has been reported by Palo Alto Networks, a proof-of-concept (PoC) exploit is publicly available, increasing the risk of potential attacks. The vulnerability has been addressed in PAN-OS versions 11.2.4-h4 and later.

In addition to CVE-2025-0108, Palo Alto Networks has released updates to fix other vulnerabilities, including CVE-2025-0111 and CVE-2025-0109, which involve authenticated file read and unauthenticated file deletion vulnerabilities, respectively. These updates are crucial for maintaining the integrity and confidentiality of systems using the affected management web interface. Administrators are urged to apply these updates promptly and restrict access to the management interface from untrusted networks.

Furthermore, Palo Alto Networks has issued security updates for several other products, such as the PAN-OS OpenConfig Plugin, Prisma Access Secure Enterprise Browser, GlobalProtect Clientless VPN, Cortex XDR Agent on Windows, and Cortex XDR Broker VM. While none of these vulnerabilities have been exploited in the wild, they present potential risks that should be mitigated through timely updates.

Threats and Vulnerabilities

CVE-2025-0108 represents a significant threat due to its ability to bypass authentication mechanisms in the management web interface of Palo Alto Networks' firewalls. This vulnerability can be exploited to invoke PHP scripts that compromise system integrity and confidentiality. The public availability of a PoC exploit heightens the urgency for remediation.

CVE-2025-0111 and CVE-2025-0109 further compound the risk by allowing authenticated file reads and unauthenticated file deletions, respectively. These vulnerabilities could lead to unauthorized data access or loss, impacting system operations and data security.

The unexpected reboots of PAN-OS firewalls caused by a bug in versions 11.1.4-h7 and 11.1.4-h9 highlight the importance of applying hotfixes such as 11.1.4-h12 to maintain system stability and prevent operational disruptions.

Client Impact

Clients using affected Palo Alto Networks products may face operational disruptions if these vulnerabilities are exploited. The potential for unauthorized access or data manipulation could lead to data breaches, financial losses, and reputational damage. Organizations must also consider regulatory compliance implications, as failure to address these vulnerabilities could result in audits or penalties.

Compliance with relevant cybersecurity standards is crucial to avoid regulatory challenges. Clients should assess their current security posture and ensure that updates are applied promptly to mitigate these risks.

Mitigations

To mitigate the identified risks, clients should take the following actions:

  1. Apply the latest PAN-OS updates to address CVE-2025-0108, CVE-2025-0111, and CVE-2025-0109.
  2. Restrict access to the management web interface from untrusted networks and allow access only from trusted internal IP addresses.
  3. Implement hotfix 11.1.4-h12 to resolve unexpected reboot issues in PAN firewalls.
  4. Update other affected Palo Alto Networks products, such as the PAN-OS OpenConfig Plugin and Cortex XDR Agent on Windows.
  5. Conduct regular security assessments to identify and address potential vulnerabilities.
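Step 1 and step 3 both come down to knowing whether each firewall's running build is at or above the fixed build for its release train. The following checker is an added example written for this advisory, not code from 1898 & Co. or Palo Alto Networks; it assumes the `major.minor.maint[-hN]` build format and lists only the fixed builds named on this page (other release trains must be filled in from the vendor advisory), and the inventory it runs over is constructed.

```python
import re
from typing import List, Tuple

# Fixed builds named on this page. Other release trains have their own fixed
# builds in the vendor advisory; add them from there rather than guessing.
FIXED_BUILDS = {
    "CVE-2025-0108": ["11.2.4-h4"],
    "unexpected-reboot-11.1.4": ["11.1.4-h12"],
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Turn 'major.minor.maint[-hN]' into a tuple that compares correctly.

    A build without a hotfix suffix is treated as h0, so 11.2.4 < 11.2.4-h4.
    Hotfix numbers are compared as integers: compared as strings, 'h9' > 'h12'.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def assess_build(running: str, fixed_builds: List[str]) -> str:
    """Compare a running build against the fixed builds of its release train.

    Returns 'at_or_above_fix', 'below_fix', or 'train_not_listed' when no fixed
    build for the running major.minor train is known; the last case must be
    resolved against the vendor advisory, never assumed safe.
    """
    current = parse_panos_version(running)
    for fixed in fixed_builds:
        target = parse_panos_version(fixed)
        if current[:2] == target[:2]:  # same major.minor release train
            return "at_or_above_fix" if current >= target else "below_fix"
    return "train_not_listed"


def assess_all(running: str) -> dict:
    """Assess one firewall's build against every issue in FIXED_BUILDS."""
    return {issue: assess_build(running, builds) for issue, builds in FIXED_BUILDS.items()}


if __name__ == "__main__":
    # Constructed inventory: hostname -> PAN-OS build reported by the device.
    inventory = {"fw-edge-1": "11.2.4-h3", "fw-edge-2": "11.2.4-h4", "fw-dc-1": "11.1.4-h9"}
    for host, build in inventory.items():
        print(host, build, assess_all(build))
```

Feed it the build strings from your own inventory; a `train_not_listed` result means the table needs the fixed build for that train from the vendor advisory before the device can be marked as patched.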

By taking these steps, clients can reduce their exposure to these vulnerabilities and enhance their overall security posture. Continuous monitoring and timely application of security updates are essential components of an effective cybersecurity strategy.

1898 & Co. Response

1898 & Co. is actively addressing the current threat landscape by offering tailored cybersecurity solutions designed to mitigate emerging threats like those affecting Palo Alto Networks products. Our services include vulnerability assessments, patch management strategies, and network security enhancements to protect client systems from potential exploits.

We are updating our security protocols to incorporate the latest threat intelligence and collaborate with industry partners to share insights and best practices. Our ongoing research efforts focus on identifying new vulnerabilities and developing effective countermeasures to safeguard client assets.

Through case studies and real-world examples, we demonstrate the effectiveness of our mitigation strategies in preventing unauthorized access and maintaining system integrity. Clients can rely on our expertise to navigate complex cybersecurity challenges and achieve robust protection against evolving threats.

Sources

  1. Palo Alto Networks Security Advisory on CVE-2025-0108
  2. CVE Details for CVE-2025-0108
  3. CVE Details for CVE-2025-0111
  4. CVE Details for CVE-2025-0109
  5. GreyNoise Observations on CVE-2025-0108 Exploitation Attempts