Threat actors are exploiting a high-severity vulnerability CVE-2025-0108 in Palo Alto Networks PAN-OS firewalls’ management web interface that allows an unauthenticated user to bypass authentication and compromise integrity and confidentiality. Researchers at Assetnote discovered the vulnerability and demonstrated how threat actors could leverage the flaw to steal sensitive system data, obtain firewall configurations, or potentially modify some settings within the firewall. Palo Alto Networks urges administrators to upgrade firewalls to the versions below to patch systems:

• 11.2.4-h4 or later
• 11.1.6-h1 or later
• 10.2.13-h3 or later
• 10.1.14-h9 or later