- Palo Alto Networks patches an authentication bypass flaw in PAN-OS
- A day after the patch was released, criminals began looking for vulnerable endpoints
- The flaw allows them to run different PHP scripts
Researchers say that a vulnerability in Palo Alto Networks firewalls is being abused in attacks.
The company recently found and fixed an authentication bypass vulnerability in its PAN-OS firewalls. The flaw, tracked as CVE-2025-0108, has a severity score of 8.8/10 (high), and the company said that it affects multiple versions of the product.
It released a fix on February 12, 2025, urging users to update their firewalls to these versions:
11.2.4-H4 or later
11.1.6-H1 or later
10.2.13-H3 or later
10.1.14-H9 or later
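One way to check a firewall inventory against the list above, as an added example that is not code from Palo Alto Networks or from the original article. It assumes versions are written as `major.minor.maintenance` with an optional `-hN` hotfix suffix, and it compares only within the four release trains listed, so a build on any other train is reported as not listed rather than guessed at; the hostnames and inventory values are constructed.

```python
import re

# Minimum fixed builds per release train, exactly as listed in the article.
FIXED = ["11.2.4-H4", "11.1.6-H1", "10.2.13-H3", "10.1.14-H9"]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


# Index the fixed builds by (major, minor) release train.
FIXED_BY_TRAIN = {parse_version(v)[:2]: parse_version(v) for v in FIXED}


def patch_status(version):
    """Classify a version as 'patched', 'needs-update' or 'not-listed'."""
    parsed = parse_version(version)
    fixed = FIXED_BY_TRAIN.get(parsed[:2])
    if fixed is None:
        # Train is not in the article's list: check the vendor advisory instead.
        return "not-listed"
    # Tuple comparison orders by maintenance release, then hotfix number.
    return "patched" if parsed >= fixed else "needs-update"


def audit(inventory):
    """Map each (hostname, version) pair to a status; bad strings become 'unparseable'."""
    report = {}
    for host, version in inventory:
        try:
            report[host] = patch_status(version)
        except ValueError:
            report[host] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up for illustration.
    sample = [("fw-edge-01", "11.2.4-h3"), ("fw-edge-02", "11.2.4-h4"),
              ("fw-branch-07", "10.2.13"), ("fw-lab-03", "11.0.6-h1"),
              ("fw-dc-02", "10.1.14-h11"), ("fw-old-09", "unknown")]
    for host, status in audit(sample).items():
        print(f"{host:14} {status}")
```

Because the article gives one minimum build per train, an earlier maintenance release is always reported as needing an update, whatever hotfix it carries.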
Exploit attempts
The vulnerability affects the PAN-OS management web interface and allows malicious actors to execute different PHP scripts. This, in turn, allows the exfiltration of confidential data, the manipulation of the firewall configuration and more.
Now, researchers at the security outfit GreyNoise said they observed attempts to exploit the flaw on unpatched endpoints. The attacks, they said, began one day after Palo Alto Networks released the patch (February 13), and came from multiple IP addresses, which could suggest that multiple attackers picked up on the vulnerability at the same time.
Citing information from Macnica researcher Yutaka Sejiyama, BleepingComputer reported that the attack surface probably includes more than 4,400 devices.
To protect their firewalls, users must apply the patch and restrict access to the product's management interface as soon as possible.
Firewalls used by SMEs are often targets because these types of companies generally have weaker security settings and outdated firmware. Many SMEs lack dedicated IT teams, which leads to poorly configured firewall rules that create vulnerabilities. In addition, threat actors can use firewalls as entry points to bypass network defenses and gain deeper access to internal systems. Once compromised, firewalls can be used to intercept confidential data, launch more attacks or disable security measures completely.
Via BleepingComputer