CVE-2025-0108 - Vulnerability Details

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.

You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue does not affect Cloud NGFW or Prisma Access software.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Feb. 18, 2025.

The EPSS score is 0.94007.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3::::::

No data.

Fixes

Solution

Version Minor Version Suggested Solution PAN-OS 10.1 10.1.0 through 10.1.14 Upgrade to 10.1.14-h9 or later PAN-OS 10.2 10.2.0 through 10.2.13 Upgrade to 10.2.13-h3 or later 10.2.7Upgrade to 10.2.7-h24 or 10.2.13-h3 or later 10.2.8Upgrade to 10.2.8-h21 or 10.2.13-h3 or later 10.2.9Upgrade to 10.2.9-h21 or 10.2.13-h3 or later 10.2.10Upgrade to 10.2.10-h14 or 10.2.13-h3 or later 10.2.11Upgrade to 10.2.11-h12 or 10.2.13-h3 or later 10.2.12Upgrade to 10.2.12-h6 or 10.2.13-h3 or later PAN-OS 11.0 (EoL) Upgrade to a supported fixed versionPAN-OS 11.1 11.1.0 through 11.1.6 Upgrade to 11.1.6-h1 or later 11.1.2Upgrade to 11.1.2-h18 or 11.1.6-h1 or later PAN-OS 11.2 11.2.0 through 11.2.4 Upgrade to 11.2.4-h4 or laterNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release.

Workaround

Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices Additionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).

References

Link	Providers
https://github.com/iSee857/CVE-2025-0108-PoC
https://security.paloaltonetworks.com/CVE-2025-0108
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/
https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.94092}`	epss `{'score': 0.941}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.94113}`	epss `{'score': 0.94092}`

Fri, 27 Jun 2025 21:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::*

Thu, 17 Apr 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9::::::

Thu, 20 Feb 2025 03:45:00 +0000

Type	Values Removed	Values Added
References		https://github.com/iSee857/CVE-2025-0108-PoC https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/ https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/ https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/

Thu, 20 Feb 2025 00:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:::::::*	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3::::::

Wed, 19 Feb 2025 16:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9::::::
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

Wed, 19 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-02-18'}`

Tue, 18 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 18 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 12 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Description		An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
Title		PAN-OS: Authentication Bypass in the Management Web Interface
First Time appeared		Paloaltonetworks Paloaltonetworks pan-os
Weaknesses		CWE-306
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2::::::
Vendors & Products		Paloaltonetworks Paloaltonetworks pan-os
References		https://security.paloaltonetworks.com/CVE-2025-0108
Metrics		cvssV4_0 `{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2025-02-12T20:55:34.610Z

Updated: 2025-07-30T01:36:19.387Z

Reserved: 2024-12-20T23:23:10.451Z

Link: CVE-2025-0108

Vulnrichment

Updated: 2025-02-20T02:08:45.296Z

NVD

Status : Analyzed

Published: 2025-02-12T21:15:16.290

Modified: 2025-06-27T20:39:59.717

Link: CVE-2025-0108

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object