
Palo Alto Networks has released security advisories addressing two high-severity vulnerabilities in its PAN-OS network security operating system. The vulnerabilities, tracked as CVE-2025-0108 and CVE-2025-0110, could allow attackers to bypass authentication and execute arbitrary commands, respectively.
CVE-2025-0108: Authentication Bypass Vulnerability
This vulnerability (CVSSv3.1 score 7.8) exists in the management web interface of PAN-OS. An unauthenticated attacker with network access to the management interface could exploit this flaw to bypass authentication and invoke certain PHP scripts. While this does not enable remote code execution, it can impact the integrity and confidentiality of PAN-OS.
“An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” the advisory explains.
CVE-2025-0110: Command Injection Vulnerability
This vulnerability (CVSSv3.1 score 7.3) resides in the PAN-OS OpenConfig plugin. An authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface could exploit this flaw to inject and execute arbitrary commands. These commands would run with the privileges of the “_openconfig” user, who has the Device Administrator role.
“A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands,” the advisory states.
Affected Versions and Mitigation
CVE-2025-0108 affects PAN-OS versions 11.2 (before 11.2.4-h4), 11.1 (before 11.1.6-h1), 10.2 (before 10.2.13-h3), and 10.1 (before 10.1.14-h9). CVE-2025-0110 affects PAN-OS OpenConfig plugin versions before 2.1.2.
Palo Alto Networks has released updates to address both vulnerabilities. Users are urged to update their PAN-OS software to the latest versions as soon as possible. The company also recommends restricting management interface access to trusted internal IP addresses only. Palo Alto Networks emphasizes: “If you do not use the OpenConfig plugin, disable or uninstall it.”
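As an added example (not code from the advisory or from Palo Alto Networks), the version checker below encodes the fixed-version boundaries listed above so an operator can test an inventory of PAN-OS and OpenConfig plugin versions against CVE-2025-0108 and CVE-2025-0110. It assumes the `major.minor.patch` plus optional `-hN` hotfix layout of PAN-OS version strings; release branches the advisory does not mention are reported as unknown rather than safe.

```python
import re
from typing import Optional, Tuple

# Fixed versions per release branch, taken from the advisory summary above
# (CVE-2025-0108). Branches not listed here are treated as "unknown", not safe.
FIXED_PAN_OS = {
    (11, 2): (11, 2, 4, 4),
    (11, 1): (11, 1, 6, 1),
    (10, 2): (10, 2, 13, 3),
    (10, 1): (10, 1, 14, 9),
}

# OpenConfig plugin fixed release (CVE-2025-0110).
FIXED_OPENCONFIG = (2, 1, 2)

# Assumed version layout: major.minor.patch with an optional "-hN" hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '11.2.4-h4' into (11, 2, 4, 4); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def panos_vulnerable_0108(version: str) -> Optional[bool]:
    """True if PAN-OS `version` is below the fix for its branch, False if at or
    above it, None when the branch is not covered by the advisory text above."""
    v = parse_version(version)
    fixed = FIXED_PAN_OS.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def openconfig_vulnerable_0110(plugin_version: str) -> bool:
    """True if the OpenConfig plugin is older than the 2.1.2 fix."""
    v = parse_version(plugin_version)
    return v[:3] < FIXED_OPENCONFIG


if __name__ == "__main__":
    for ver in ["11.2.4-h3", "11.2.4-h4", "10.2.13-h3", "10.1.14-h8", "11.0.3"]:
        print(ver, panos_vulnerable_0108(ver))
    print("openconfig 2.1.1", openconfig_vulnerable_0110("2.1.1"))
```

A `None` result means the branch is outside the advisory's list and should be checked against the vendor's current support matrix rather than assumed fixed.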