CISA Flags Palo Alto & SonicWall Flaws As Exploited

by CybrGPT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security vulnerabilities affecting Palo Alto Networks and SonicWall products to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation by malicious actors.

The two vulnerabilities listed below were added based on evidence of active exploitation. Flaws of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to organizations. They are:

  • CVE-2025-0108 (CVSS score: 7.8) – Palo Alto PAN-OS Authentication Bypass Vulnerability: This flaw affects Palo Alto Networks’ PAN-OS, the software running on its next-generation firewalls. The vulnerability allows an unauthenticated attacker to bypass authentication mechanisms and gain unauthorized access to network resources. Exploiting this vulnerability could enable threat actors to infiltrate sensitive systems, exfiltrate data, or deploy further exploits within a compromised network.
  • CVE-2024-53704 (CVSS score: 8.2) – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: This flaw exists in SonicWall’s SonicOS SSLVPN feature, which is used for secure remote access. Attackers can exploit this vulnerability to bypass authentication procedures, granting unauthorized access to VPN-protected networks. This enables attackers to intercept messages, gain access to internal resources, and conduct privilege escalation attacks, all of which are a massive threat to enterprise security.

Palo Alto Networks has confirmed the active exploitation of the CVE-2025-0108 vulnerability.

The company notes that it has observed exploit attempts that combine it with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111.

“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” the company said in an updated advisory.

According to cybersecurity firm GreyNoise, 26 active exploitation attempts targeting the CVE-2025-0108 authentication bypass vulnerability have been made to date. The major countries affected are the United States, France, Germany, the Netherlands, and Brazil.

Separately, Bishop Fox recently released technical details and a proof-of-concept (PoC) exploit for CVE-2024-53704, a high-severity authentication bypass in SonicOS SSLVPN. Shortly after the PoC was made public, Arctic Wolf detected exploitation attempts in the wild.

In response to the active exploitation of these vulnerabilities, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies, as per the November 2021 Binding Operational Directive (BOD) 22-01, apply the patches by March 11, 2025, to mitigate the identified vulnerabilities and protect their networks against potential threats.

Palo Alto Networks and SonicWall, two of the major network security giants, have released updates and security advisories for affected users.

Organizations using these products should ensure they run the latest firmware and follow best cybersecurity practices, including monitoring for unusual network activity, restricting access to trusted sources, and implementing multi-layered defense strategies.

© 2025 cybrgpt.com – All rights reserved.