Palo Alto warns that its firewalls are under active attack. Two newer vulnerabilities can be exploited in combination with a vulnerability from last year.
Palo Alto has been struggling with security vulnerabilities in its firewalls’ PAN-OS software for several months. It started in November when a first zero-day was discovered(CVE-2024-9474). Palo Alto has since rolled out a patch for that, but two new vulnerabilities(CVE-2025-0108 and CVE-2025-0111) came to light this month.
CVE-2025-0108 includes an access control issue in PAN-OS’s Web management interface that allows an unauthenticated attacker with network access to the management interface to bypass authentication and invoke PHP scripts. These scripts “negatively affect the integrity and confidentiality of PAN-OS,” according to Palo Alto.
With a CVSS score of 8.8 out of ten, this vulnerability receives the highest severity rating. CVE-2025-0111 allows attackers with network access to read files accessible to the “nobody” user and receives a score of 7.1.
Chain reaction
Palo Alto warns that the vulnerabilities are being actively exploited. Those who have not yet installed the November patch are at extra risk because, according to the security specialist, the new vulnerabilities can be used in a chain reaction with the November vulnerability. How that works, Palo Alto does not specify, but the company confirms it has already observed this in practice.
With the latest patch rolled out on Feb. 12, you kill three birds with one stone. In Palo Alto’s bulletins, you can check which versions of PAN-OS are vulnerable, and which versions keep you safe. Those using an unprotected version are advised to update as soon as possible.
As if vulnerabilities weren’t harmful enough, Palo Alto’s firewalls have other problems. Several customers have reported in recent weeks that their firewalls fail and reboot at random times. The problems are occurring with versions PAN-OS 11.1.4-h7/h9, raising security concerns for users. A hot patch is available, but only in limited release.
read also