Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.
The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.
“An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” Palo Alto Networks said in an advisory.
“While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.”
The vulnerability affects the following versions –
Searchlight Cyber/Assetnote security researcher Adam Kues, who is credited with discovering and reporting the flaw, said the security defect has to do with a discrepancy in how the interface’s Nginx and Apache components handle incoming requests, resulting in a directory traversal attack.
Palo Alto Networks has also shipped updates to resolve two other flaws –
To mitigate the risk posed by the vulnerability, it’s highly advised to disable access to the management interface from the internet or any untrusted network. Customers who do not use OpenConfig can either choose to disable or uninstall the plugin from their instances.
