CVE-2025-0108

PAN-OS: Authentication Bypass in the Management Web Interface

CVSS 8.8 HIGH | EPSS 98.3% | KEV (CISA Known Exploited Vulnerabilities) | CWE-306
In short

An attacker without credentials can bypass login authentication on the PAN-OS management web interface, gaining unauthorized access to certain functions and thereby compromising the confidentiality of data on the device and the integrity of the system.

Technical detail

An unauthenticated attacker with network access to the management web interface can bypass the authentication the interface normally enforces and invoke certain PHP scripts (CWE-306: Missing Authentication for Critical Function). This gives access to sensitive operations that affect confidentiality and integrity, but it does not by itself yield remote code execution.

Summary generated and translated by AI from the official description.
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue does not affect Cloud NGFW or Prisma Access software.
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red
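The mitigation in the vendor description is to let only trusted internal addresses reach the management web interface. The following Python audit is an added example, not code from this page or from Palo Alto Networks: it takes a constructed fleet inventory, where each device's `permitted_ip` list stands in for the allow list an operator configures on the management interface (single hosts or CIDR entries), and reports any entry that is not fully contained in a trusted network. An empty allow list is treated as reachable from anywhere, which is the condition the mitigation advice warns against. Device names, addresses and the trusted ranges are assumptions.

```python
"""Audit management-interface allow lists against trusted networks.

Added example for the CVE-2025-0108 mitigation advice; not vendor code.
Assumption: each device's 'permitted_ip' mirrors the allow list configured
on its management interface, and an empty list means 'allow from anywhere'.
All inventory data below is constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List

# Trusted ranges for this constructed environment: a management VLAN
# and a small jump-host subnet. Replace with your own.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.200.0.0/24"),
    ipaddress.ip_network("192.168.50.0/28"),
]


@dataclass
class Firewall:
    name: str
    mgmt_ip: str
    permitted_ip: List[str] = field(default_factory=list)


def parse_entry(entry: str):
    """Accept '10.0.0.5' (host, becomes /32) or '10.0.0.0/24' (CIDR).

    strict=False tolerates host bits set in a CIDR entry, as an operator
    might type '10.0.0.5/24' when they meant the whole /24."""
    return ipaddress.ip_network(entry.strip(), strict=False)


def exposed_entries(permitted_ip: List[str], trusted=TRUSTED_NETWORKS) -> List[str]:
    """Return the permitted entries not fully inside some trusted network.

    An empty allow list lets every source reach the management web
    interface, so it is reported as the single pseudo-entry '0.0.0.0/0'.
    An explicit '0.0.0.0/0' entry is caught by the subnet check below."""
    if not permitted_ip:
        return ["0.0.0.0/0"]
    offending = []
    for raw in permitted_ip:
        net = parse_entry(raw)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        inside = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not inside:
            offending.append(raw)
    return offending


def audit(fleet: List[Firewall]) -> Dict[str, List[str]]:
    """Map device name -> offending entries (empty list means compliant)."""
    return {fw.name: exposed_entries(fw.permitted_ip) for fw in fleet}


# Constructed inventory covering the cases an auditor should catch.
FLEET = [
    Firewall("edge-fw-01", "203.0.113.10", []),                               # no allow list at all
    Firewall("dc-fw-01", "10.200.0.1", ["10.200.0.0/24", "192.168.50.3"]),    # compliant
    Firewall("branch-fw-07", "198.51.100.2", ["10.200.0.0/24", "198.51.100.0/24"]),  # public /24 allowed
    Firewall("lab-fw-02", "10.200.0.9", ["0.0.0.0/0"]),                       # explicit allow-all
]

if __name__ == "__main__":
    for name, bad in audit(FLEET).items():
        status = "OK" if not bad else "EXPOSED via " + ", ".join(bad)
        print(f"{name:14s} {status}")
```

The check is a compensating control, not a fix: a device whose allow list passes is still vulnerable from inside the trusted ranges until it is updated per the vendor advisory. The audit reports containment, not mere overlap, so an entry like 198.51.100.0/24 that partly covers a trusted range would still be flagged.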
Public resources to assess the exposure of systems you control or are authorized to test. Test only with authorization.
