KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

8.8

CVSS
High

CVE-2025-0108

PUBLISHED

PAN-OS: Authentication Bypass in the Management Web Interface

Exploited in the wild PoC available Remote Low complexity No user interaction

Vendor: Palo Alto Networks
Product: Cloud NGFW, PAN-OS, Prisma Access
Published: Feb 12, 2025
EPSS: —

Description

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

php cisa nuclei_scanner edge nessus_scanner

CVSS scores

CVSS v4.0 8.8 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red

Exploitation status

Exploited in the wild

Recorded 2025-02-18 00:00:00 UTC · Source

Proof of concept available

Recorded 2025-02-19 16:00:04 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

References

https://security.paloaltonetworks.com/CVE-2025-0108

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Feb 18, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0108.yaml	Apr 25, 2025
Nessus	https://www.tenable.com/plugins/nessus/216167	Feb 12, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

becrevex/CVE-2025-0108

github · Created 2025-02-19 16:57:58 UTC · 0 stars

NSE script that checks for CVE-2025-0108 vulnerability in Palo Alto Networks PAN-OS

sohaibeb/CVE-2025-0108

github · Created 2025-02-19 16:00:04 UTC · 1 stars

PAN-OS CVE POC SCRIPT

barcrange/CVE-2025-0108-Authentication-Bypass-checker

github · Created 2025-02-19 06:19:33 UTC · 0 stars

fr4nc1stein/CVE-2025-0108-SCAN

github · Created 2025-02-18 21:04:45 UTC · 2 stars

Detects an authentication bypass vulnerability in Palo Alto PAN-OS (CVE-2025-0108).

FOLKS-iwd/CVE-2025-0108-PoC

github · Created 2025-02-14 13:22:37 UTC · 7 stars

This repository contains a Proof of Concept (PoC) for the **CVE-2025-0108** vulnerability, which is an **authentication bypass** issue in Palo Alto Networks' PAN-OS software. The scripts provided here test for the vulnerability by sending a crafted HTTP request to the target systems.

iSee857/CVE-2025-0108-PoC

github · Created 2025-02-13 06:39:25 UTC · 26 stars

Palo Alto Networks PAN-OS 身份验证绕过漏洞批量检测脚本(CVE-2025-0108)

Timeline

CVE ID Reserved

December 20, 2024
CVE Published to Public

February 12, 2025
Detected by Nessus

February 12, 2025
Added to KEVIntel

February 18, 2025
Proof of Concept Exploit Available

February 19, 2025
Detected by Nuclei

April 25, 2025