CVE-2025-0108 - Vulnerability Details

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Feb. 18, 2025.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3::::::

No data.

References

Link	Providers
https://github.com/iSee857/CVE-2025-0108-PoC
https://security.paloaltonetworks.com/CVE-2025-0108
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108
https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/
https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/

History

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.94092}`	epss `{'score': 0.941}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.94113}`	epss `{'score': 0.94092}`

Fri, 27 Jun 2025 21:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::*

Thu, 17 Apr 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9::::::

Thu, 20 Feb 2025 03:45:00 +0000

Type	Values Removed	Values Added
References		https://github.com/iSee857/CVE-2025-0108-PoC https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/ https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/ https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/

Thu, 20 Feb 2025 00:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:::::::*	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3::::::

Wed, 19 Feb 2025 16:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9::::::
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

Wed, 19 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-02-18'}`

Tue, 18 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 18 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 12 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Description		An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
Title		PAN-OS: Authentication Bypass in the Management Web Interface
First Time appeared		Paloaltonetworks Paloaltonetworks pan-os
Weaknesses		CWE-306
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:::::::* cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:::::::* cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2::::::
Vendors & Products		Paloaltonetworks Paloaltonetworks pan-os
References		https://security.paloaltonetworks.com/CVE-2025-0108
Metrics		cvssV4_0 `{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2025-02-12T20:55:34.610Z

Updated: 2025-10-21T22:55:29.063Z

Reserved: 2024-12-20T23:23:10.451Z

Link: CVE-2025-0108

Vulnrichment

Updated: 2025-02-20T02:08:45.296Z

NVD

Status : Modified

Published: 2025-02-12T21:15:16.290

Modified: 2025-10-21T23:16:44.927

Link: CVE-2025-0108

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object