Palo Alto Networks on Wednesday issued a security advisory stating that it has addressed a high-severity authentication bypass vulnerability in its PAN-OS software.
For those unaware, PAN-OS is the software that runs on all of Palo Alto Networks’ next-generation firewalls (NGFWs) and security appliances.
It is designed to provide advanced network security, threat prevention, and traffic management capabilities for enterprises, service providers, and government organizations.
The high-severity vulnerability, identified as CVE-2025-0108 (CVSS score: 7.8), stems from a problem in how Nginx/Apache process paths in PAN-OS.
If successfully exploited, it could allow an attacker to bypass PAN-OS management web interface authentication and invoke specific PHP scripts, potentially gaining access to sensitive system data or exploiting underlying vulnerabilities.
“An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” Palo Alto Networks wrote in the advisory published on Wednesday.
“While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.”
The flaw affects multiple versions of PAN-OS, which are as follows:
- PAN-OS 11.2 < 11.2.4-h4 (fixed in 11.2.4-h4 or later)
- PAN-OS 11.1 < 11.1.6-h1 (fixed in 11.1.6-h1 or later)
- PAN-OS 10.2 < 10.2.13-h3 (fixed in 10.2.13-h3 or later)
- PAN-OS 10.1 < 10.1.14-h9 (fixed in 10.1.14-h9 or later)
PAN-OS versions 10.1 >= 10.1.14-h9, 10.2 >= 10.2.13-h3, 11.1 >= 11.1.6-h1, and 11.2 >= 11.2.4-h4 are not affected by the vulnerability. It also does not affect Cloud NGFW and Prisma Access software.
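As an added example (not from Palo Alto Networks or the original article), the following Python check classifies device versions against the fixed releases listed above. The hostnames and sample versions are constructed, and the ordering rule (major, minor, maintenance, then hotfix number, with a missing hotfix counted as 0) is an assumption; branches the article does not list are reported as unknown rather than guessed.

```python
import re

# Fixed releases per branch, copied from the list in this article.
FIXED = {"11.2": "11.2.4-h4", "11.1": "11.1.6-h1",
         "10.2": "10.2.13-h3", "10.1": "10.1.14-h9"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def cve_2025_0108_status(version):
    """Classify one version as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED.get(branch)
    if fixed is None:
        # Branch not in the article's list: do not guess either way.
        return "unknown"
    # Tuples compare numerically, so 11.1.10 sorts after 11.1.6-h1.
    return "fixed" if parsed >= parse_version(fixed) else "affected"


def audit(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = cve_2025_0108_status(version)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"fw-edge-1": "11.1.6", "fw-edge-2": "11.1.6-h1", "fw-dc-1": "10.2.13-h3",
          "fw-dc-2": "10.1.14-h8", "fw-lab": "11.0.4", "fw-old": "10.2.x"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:12} {status}")
```

Treat "unknown" and "unparseable" results as items to check by hand against the vendor advisory, not as safe.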
The company has urged all its affected customers to apply the latest patch for PAN-OS immediately.
It has also advised users to review firewall logs for any suspicious activity related to the vulnerability, follow Palo Alto Networks’ best practices for securing network environments, and engage in threat intelligence monitoring to stay updated on emerging risks.
The CVE-2025-0108 vulnerability was discovered and reported to Palo Alto by Adam Kues, a security researcher at Assetnote, which is part of Searchlight Cyber.
The Assetnote researchers encountered this flaw while analyzing the patches for previous PAN-OS flaws, CVE-2024-0012 and CVE-2024-9474, that were exploited in the wild.
“Our research reveals that while Palo Alto Networks’s recent patches addressed the known vulnerabilities, the underlying architecture of PAN-OS contains additional security flaws within the same vulnerability class,” said Shubham (Shubs) Shah, CTO and Co-Founder at Assetnote.
“This highlights a critical need for vendors to consider holistic security architecture reviews when addressing security incidents.”
According to Palo Alto Networks, there is no indication of any malicious exploitation of the CVE-2025-0108 vulnerability in the wild.
While it rates the vulnerability as ‘high severity,’ the urgency rating assigned to it by the vendor is ‘moderate.’