vulnerability • high • Active Exploitation • Authentication Bypass • CVE-2025-0108

Feb 13, 2025 • GreyNoise Blog

GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

Source: GreyNoise Blog
Category: vulnerability
Severity: high

Executive Summary

GreyNoise has identified active exploitation attempts targeting a critical authentication bypass vulnerability, designated CVE-2025-0108, within Palo Alto Networks PAN-OS environments. This high-severity flaw enables unauthenticated adversaries to execute specific PHP scripts, potentially granting unauthorized access to vulnerable systems. The exploitation indicates an immediate threat to organizations utilizing affected PAN-OS versions without adequate protections. While specific threat actors remain unidentified, the active nature of the exploitation suggests opportunistic or targeted campaigns leveraging this weakness. Impact includes potential system compromise and data exfiltration. Mitigation requires immediate patching of PAN-OS instances to the latest secure versions provided by Palo Alto Networks. Administrators should also monitor network traffic for anomalous PHP execution attempts and enforce strict access controls. Prompt action is essential to prevent unauthorized access and maintain infrastructure integrity against this actively exploited vulnerability.

Summary

GreyNoise has observed active exploitation attempts targeting a newly disclosed authentication bypass vulnerability, CVE-2025-0108, affecting Palo Alto Networks PAN-OS. This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems.

Linked Entities

  • CVE-2025-0108