Threat Advisory

Critical PAN-OS Vulnerabilities Enable Root Access Exploitation

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A critical vulnerability, CVE-2025-0108, in the Palo Alto Networks PAN-OS web management interface, rated 8.8/10 on the CVSS scale, is under active exploitation. Attackers are chaining this flaw with two other vulnerabilities, CVE-2024-9474 (CVSS score 6.9) and CVE-2025-0111 (CVSS score 7.1), to bypass authentication, escalate privileges, and gain root access to affected firewalls. Unpatched systems with internet-facing management interfaces are at high risk. Immediate patching is strongly recommended to mitigate the threat.


  • CVE-2025-0111: This vulnerability allows authenticated attackers with network access to the PAN-OS web interface to read files accessible to the “nobody” user. While it requires authentication, when combined with other flaws, it significantly enhances an attacker’s ability to escalate privileges and compromise the system.

The chaining of these vulnerabilities poses a severe risk to unpatched PAN-OS systems, enabling attackers to bypass authentication, escalate privileges, and gain root access. Organizations must act immediately to secure their systems.

RECOMMENDATION:

We strongly recommend updating Palo Alto products to the versions below:

| Version | Affected Version | Solution |
|---|---|---|
| PAN-OS 10.1 | 10.1.0 through 10.1.14 | Upgrade to 10.1.14-h9 or later |
| PAN-OS 10.2 | 10.2.0 through 10.2.13 | Upgrade to 10.2.13-h3 or later |
| | 10.2.7 | Upgrade to 10.2.7-h24 or 10.2.13-h3 or later |
| | 10.2.8 | Upgrade to 10.2.8-h21 or 10.2.13-h3 or later |
| | 10.2.9 | Upgrade to 10.2.9-h21 or 10.2.13-h3 or later |
| | 10.2.12 | Upgrade to 10.2.12-h6 or 10.2.13-h3 or later |
| PAN-OS 11.0 (EoL) | | Upgrade to a supported fixed version |
| PAN-OS 11.1 | 11.1.0 through 11.1.6 | Upgrade to 11.1.6-h1 or later |
| PAN-OS 11.2 | 11.2.0 through 11.2.4 | Upgrade to 11.2.4-h4 or later |
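
To check a firewall inventory against the table above, the following added example (not code from this advisory or from Palo Alto Networks) classifies PAN-OS version strings by the fixed builds listed here. It assumes "or later" means a higher hotfix on the same maintenance release or any later maintenance release in the same train; the function names, status labels and sample inventory are hypothetical.

```python
import re

# Fixed builds from the advisory's table: train -> {maintenance: first fixed hotfix}.
FIXED = {(10, 1): {14: 9}, (10, 2): {7: 24, 8: 21, 9: 21, 12: 6, 13: 3},
         (11, 1): {6: 1}, (11, 2): {4: 4}}
EOL_TRAINS = {(11, 0)}  # listed as EoL with no fixed build in the table

# Accepts only "X.Y.Z" and "X.Y.Z-hN"; any other build suffix is rejected.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")

def parse(version):
    """Split a version string into (train, maintenance, hotfix)."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), maint, hotfix

def assess(version):
    """Return 'ok', 'needs-upgrade', 'eol' or 'not-listed' for one version."""
    train, maint, hotfix = parse(version)
    if train in EOL_TRAINS:
        return "eol"
    fixes = FIXED.get(train)
    if fixes is None:
        return "not-listed"  # train absent from the table: no verdict
    if maint > max(fixes):
        return "ok"  # later maintenance release than the last fixed one
    if maint in fixes and hotfix >= fixes[maint]:
        return "ok"  # at or past the fixed hotfix for this release
    return "needs-upgrade"  # inside the affected range, below a fixed build

def triage(inventory):
    """Map each hostname to its status; unparseable versions are flagged."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = assess(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"fw-edge-1": "10.2.7-h23", "fw-edge-2": "10.2.13-h3",
          "fw-dc-1": "11.0.4", "fw-lab": "11.2.5", "fw-old": "10.2.10-xfr"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:12} {status}")
```

A maintenance release with no fixed hotfix in the table (for example 10.2.10) is reported as `needs-upgrade`, since the table only offers 10.2.13-h3 or later for it.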

REFERENCES:

The following reports contain further technical details:
https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/
