The US Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after confirmation of active exploitation of these vulnerabilities by hackers.
The first vulnerability, identified as CVE-2025-0108 with a CVSS score of 7.8, allows attackers to bypass authentication in the PAN-OS management web interface and execute certain PHP scripts without authorization. The second vulnerability, CVE-2024-53704 with a CVSS score of 8.2, affects the SSLVPN authentication mechanism, enabling remote attackers to bypass authentication checks.
Palo Alto Networks has officially acknowledged that the CVE-2025-0108 vulnerability is being actively exploited in attacks. The company has also cautioned that hackers could potentially combine this vulnerability with others, like CVE-2024-9474, to gain unauthorized access to unprotected firewalls.
Last week, GreyNoise, a threat intelligence company, reported the identification of 25 malicious IP addresses actively exploiting CVE-2025-0108. The number of attacks using this vulnerability has recently surged tenfold, with the most significant activity observed in the USA, Germany, and the Netherlands.
Regarding CVE-2024-53704, Arctic Wolf highlighted that the exploit for this vulnerability became available immediately after the Bishop Fox research group published a proof of concept (PoC), leading to its swift adoption by attackers.
To address this escalating threat, US Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by March 11, 2025, to safeguard their networks from potential cyberattacks.