Palo Alto Networks has identified an authentication bypass vulnerability (CVE-2025-0108) in their popular PAN-OS software. This vulnerability, if exploited, enables an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke certain PHP scripts. Although this does not lead to remote code execution, it can have detrimental effects on the integrity and confidentiality of PAN-OS. In this post, we will discuss the details of this vulnerability, how it can be exploited, and the recommended mitigation strategies.

Exploit Details

The vulnerability lies within the management web interface of the PAN-OS software. An attacker with network access to this interface can bypass the authentication process and execute specific PHP scripts. Note that the vulnerability does not enable remote code execution; however, it severely compromises PAN-OS's confidentiality and integrity.

Here is a code snippet that demonstrates how the authentication bypass can be exploited:

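import requests

# Replace with the target's IP address or domain
target = "https://example.com"
# Placeholder path for a PHP script on the management web interface
php_script = "/path/to/vulnerable/php/script.php"

headers = {
  "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.3"
}

# verify=False skips TLS certificate validation; timeout avoids hanging on an unreachable host
response = requests.get(target + php_script, headers=headers, verify=False, timeout=10)

# A 200 response to this unauthenticated request means the script was served without a login
if response.status_code == 200:
  print("Vulnerable to CVE-2025-0108")
else:
  print("Not vulnerable to CVE-2025-0108")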

To mitigate the risk of this vulnerability, Palo Alto Networks recommends restricting access to the management web interface to trusted internal IP addresses only. To learn more about securing the management access of your Palo Alto Networks firewalls, follow their best practices deployment guidelines, listed in the references below.
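As an added example (not from the original post or from Palo Alto Networks), the following script audits a list of source addresses allowed to reach a management interface against the "trusted internal IP addresses only" recommendation. The function name, the breadth thresholds, the treatment of an empty list as unrestricted, and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Internal ranges: RFC 1918 (IPv4) and unique local addresses (IPv6).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Assumption: shorter prefixes than these are too broad for an admin allowlist.
MIN_PREFIX = {4: 16, 6: 48}

# Constructed sample allowlist, not taken from any real device.
SAMPLE = ["192.168.10.0/24", "10.0.0.0/8", "203.0.113.25", "0.0.0.0/0", "mgmt-net"]


def audit_allowlist(entries):
    """Return (entry, problem) pairs for a management-interface allowlist."""
    if not entries:
        # Assumption: an empty allowlist means access is unrestricted.
        return [("<empty>", "no restriction: any source can reach the interface")]
    findings = []
    for entry in entries:
        try:
            # strict=False accepts host addresses written with a mask, e.g. 10.1.2.3/24
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append((entry, "not a valid IP address or CIDR range"))
            continue
        internal = any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)
        if net.prefixlen == 0:
            findings.append((entry, "matches every address"))
        elif not internal:
            findings.append((entry, "not an internal address range"))
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((entry, "internal but very broad; narrow to admin subnets"))
    return findings


if __name__ == "__main__":
    for entry, problem in audit_allowlist(SAMPLE):
        print(f"{entry}: {problem}")
```

An empty result means every entry is a valid, internal, reasonably narrow range; whether those ranges are actually trusted admin networks still has to be checked against your own network plan.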

Note that this issue does not affect the Cloud NGFW or Prisma Access software.

Original References

1. Palo Alto Networks PAN-OS Security Advisories
2. CVE-2025-0108 - Authentication Bypass Vulnerability
3. Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Firewall

Conclusion

The authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS software is a serious issue that can compromise the integrity and confidentiality of the system. All users should review their network configurations and follow Palo Alto Networks' best practices to mitigate the risks associated with this vulnerability. Ensure that you restrict access to the management web interface to trusted internal IP addresses only, and keep your PAN-OS software up-to-date to protect your network infrastructure.

Timeline

Published on: 02/12/2025 21:15:16 UTC
Last modified on: 02/20/2025 03:15:12 UTC