Palo Alto Firewall Flaw Exploited in Attacks

Critical Vulnerability Puts Palo Alto Firewalls at Risk

A major security flaw has been discovered in Palo Alto Networks’ PAN-OS firewalls, and hackers are already using it to launch cyberattacks. The vulnerability, identified as CVE-2025-0108, allows attackers to bypass authentication, giving them unauthorized access to certain system functions. This flaw affects the PAN-OS management web interface and has been classified as high-severity due to its potential to compromise security.

Palo Alto Networks has released security patches to fix this vulnerability and is urging users to update their firewalls immediately. The recommended versions that address the issue include:

  • 11.2.4-h4 or later
  • 11.1.6-h1 or later
  • 10.2.13-h3 or later
  • 10.1.14-h9 or later

PAN-OS 11.0 also contains the vulnerability, but Palo Alto Networks will not provide patches since this version has reached its end of life (EoL). The company strongly advises users running this version to upgrade to a supported version to ensure protection.

The vulnerability was first reported by cybersecurity experts who found that attackers could exploit a weakness in PAN-OS by bypassing authentication and executing unauthorized commands. This flaw enables hackers to extract sensitive system data, retrieve firewall configurations, and potentially manipulate security settings.

How Hackers Are Exploiting the Palo Alto Flaw

Hackers are taking advantage of a weakness in how PAN-OS interacts with web servers, specifically a path confusion between Nginx and Apache. This misconfiguration allows attackers to trick the system into thinking they have permission to access restricted parts of the firewall’s management interface.

Once inside, the attacker can:

  • Collect sensitive system data that could help launch further attacks.
  • Modify firewall settings, potentially weakening security defenses.
  • Retrieve firewall configurations, gaining insights into a network’s security structure.

These activities put affected networks at high risk, as hackers could use the gathered information for future cyberattacks or data breaches.

Threat monitoring systems have already detected hackers attempting to exploit this vulnerability. Cybersecurity researchers reported that the attacks began on February 13 at 17:00 UTC and have been traced back to multiple IP addresses. This suggests that different hacker groups are actively trying to take advantage of the flaw.

A security monitoring platform has recorded several exploitation attempts, indicating that hackers are specifically targeting unpatched PAN-OS firewalls. Since the proof-of-concept (PoC) for the exploit is now public, more cybercriminals are expected to use this method to gain unauthorized access to vulnerable systems.

Over 4,400 Firewalls Face Online Exposure

A security researcher discovered that hackers can easily target more than 4,400 PAN-OS devices because their management interfaces remain publicly accessible. These devices face a high risk of attacks, especially if users have not updated them with the latest security patches.

Hackers can scan the internet for vulnerable devices and attempt to gain control over them. Once compromised, the firewall could be used as a gateway to launch further cyberattacks, steal sensitive data, or disrupt network operations.

To defend against these attacks, users should:

  • Immediately update their PAN-OS firewalls to the patched versions provided by Palo Alto Networks.
  • Restrict access to the management interface, allowing only authorized users to connect.
  • Monitor network activity for any signs of unauthorized access attempts.
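As an added illustration (not code from the article or from Palo Alto Networks), the script below turns the fixed-version list and the defensive steps above into a small inventory triage: it parses PAN-OS version strings with their `-hN` hotfix suffix, compares each device against the fixed release for its train, treats the unpatched 11.0 train as end-of-life, and ranks devices whose management interface is reachable from the internet first. The hostnames, versions and exposure flags in the sample inventory are constructed, and the priority scheme is an assumption, not a vendor recommendation.

```python
"""Triage a PAN-OS inventory against the CVE-2025-0108 fixed releases.

The fixed versions and the EoL status of 11.0 are the ones stated in the
article; the inventory and the ranking policy are constructed for illustration.
"""
import re
from typing import List, Tuple

# Fixed releases per release train (major, minor), as listed in the article.
FIXED_VERSIONS = {
    (11, 2): "11.2.4-h4",
    (11, 1): "11.1.6-h1",
    (10, 2): "10.2.13-h3",
    (10, 1): "10.1.14-h9",
}
# The article states that 11.0 is affected and will not receive a patch.
EOL_TRAINS = {(11, 0)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.MAINT[-hN]' into a comparable tuple.

    A base release with no hotfix suffix (hotfix 0) sorts below every hotfix
    of the same release, so '11.2.4' is older than '11.2.4-h4'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str) -> str:
    """Classify one version as 'patched', 'vulnerable', 'eol-vulnerable'
    or 'unknown-train' (a train the article does not list)."""
    v = parse_version(version)
    train = (v[0], v[1])
    if train in EOL_TRAINS:
        return "eol-vulnerable"
    fixed = FIXED_VERSIONS.get(train)
    if fixed is None:
        return "unknown-train"
    return "patched" if v >= parse_version(fixed) else "vulnerable"


def triage(inventory: List[Tuple[str, str, bool]]):
    """Rank devices for remediation: unpatched with a publicly reachable
    management interface first, unpatched internal-only second, patched last.

    `inventory` holds (hostname, version, mgmt_interface_public) tuples.
    Returns (hostname, version, status, mgmt_interface_public) in priority order.
    """
    rows = []
    for host, version, public in inventory:
        status = assess(version)
        needs_action = status != "patched"
        priority = 0 if (needs_action and public) else 1 if needs_action else 2
        rows.append((priority, host, version, status, public))
    rows.sort()
    return [(h, ver, st, pub) for _, h, ver, st, pub in rows]


# Constructed sample inventory: hostnames, versions and exposure are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "11.2.4-h4", False),
    ("fw-edge-02", "11.2.3", True),
    ("fw-dc-01", "10.2.13-h2", True),
    ("fw-lab-01", "11.0.4", False),
    ("fw-branch-07", "10.1.14-h9", True),
]

if __name__ == "__main__":
    for host, version, status, public in triage(SAMPLE_INVENTORY):
        exposure = "public mgmt" if public else "internal mgmt"
        print(f"{host:14} {version:12} {status:16} {exposure}")
```

Feeding the script a real inventory export is a matter of replacing `SAMPLE_INVENTORY`; the exposure flag is what decides ordering, which mirrors the article's point that an unpatched device with an internet-facing management interface is the one to fix first.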

The ongoing exploitation of this vulnerability highlights the importance of keeping network security systems up to date. Organizations using PAN-OS firewalls must take immediate action to patch their systems and secure their networks from potential cyber threats.
