Palo Alto Networks has released updates for PAN-OS, the proprietary operating system that runs the company's firewalls. The update addresses CVE-2025-0108, an authentication bypass in the web management interface. The vulnerability carries a CVSS score of 7.8; the score drops to 5.1 when access to the management interface is restricted to a limited set of trusted hosts.
An attacker with network access to the management interface can bypass authentication and invoke certain PHP scripts. Invoking these scripts does not yield remote code execution, but it can still compromise the integrity and confidentiality of the device.
The affected PAN-OS versions are:
- 11.2: releases earlier than 11.2.4-h4 (fixed in 11.2.4-h4 and later);
- 11.1: releases earlier than 11.1.6-h1 (fixed in 11.1.6-h1 and later);
- 11.0: all releases (the branch reached end of life on November 17, 2024 and will not receive a fix);
- 10.2: releases earlier than 10.2.13-h3 (fixed in 10.2.13-h3 and later);
- 10.1: releases earlier than 10.1.14-h9 (fixed in 10.1.14-h9 and later).
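Deciding whether a given firewall is exposed requires comparing its version against the branch-specific fixed release, including the hotfix suffix (10.2.13 without a hotfix is still vulnerable, 10.2.13-h3 is not). The following added example, which is not part of the original article and not vendor code, encodes the fixed-version table above and performs that comparison; the table itself is an assumption taken from this article and should be checked against the vendor advisory before use.

```python
import re
from typing import Tuple

# Fixed releases per branch, transcribed from the article's list above.
# This table is an assumption for the example; confirm it against the
# vendor advisory before relying on it operationally.
FIXED_BY_BRANCH = {
    "11.2": "11.2.4-h4",
    "11.1": "11.1.6-h1",
    "10.2": "10.2.13-h3",
    "10.1": "10.1.14-h9",
}

# Branches that are end-of-life and will not receive a fix.
EOL_BRANCHES = {"11.0"}

# PAN-OS versions look like "10.2.13" or "10.2.13-h3" (hotfix suffix optional).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[hH](\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse a PAN-OS version string into a comparable tuple.

    A missing hotfix is treated as hotfix 0, so "10.2.13" sorts before
    "10.2.13-h3" but after "10.2.12-h9".
    """
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def assess(version: str) -> str:
    """Classify a PAN-OS version against the CVE-2025-0108 fix table."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"

    if branch in EOL_BRANCHES:
        return "vulnerable (branch end-of-life, no fix available; upgrade branch)"

    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        return "unknown branch (not covered by the advisory summary)"

    if parsed >= parse_version(fixed):
        return "fixed"
    return f"vulnerable (upgrade to {fixed} or later)"


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for v in ["10.2.13", "10.2.13-h3", "11.0.3", "11.2.5", "9.1.0"]:
        print(f"{v:12} -> {assess(v)}")
```

The check covers only the branches the article lists; a version from another branch is reported as unknown rather than silently marked safe, which is the safer default when building this into an inventory script.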
Adam Kues of Searchlight Cyber, who discovered the vulnerability, explained that it stems from a difference in how the Nginx and Apache components of the management interface process requests, which enables a directory traversal attack.
Palo Alto Networks also fixed two other vulnerabilities in the same release:
- CVE-2025-0109 (CVSS 5.5): allows an unauthenticated attacker to delete specific files through the web management interface (fixed in the same versions as CVE-2025-0108).