Cybersecurity Alert: Critical Palo Alto Networks Vulnerability Under Active Attack


Key Points:

• A zero-day login authentication bypass vulnerability, CVE-2025-0108, has been discovered in Palo Alto Networks’ PAN-OS operating system.
• The vulnerability, discovered by researchers at Assetnote, allows an unauthenticated attacker to bypass login on a PAN-OS management web interface that is reachable from the Internet.
• To protect against exploitation, Palo Alto Networks recommends restricting access to management web interfaces to trusted internal IP addresses.

Following up on an earlier report: a zero-day authentication bypass has been uncovered in Palo Alto Networks’ PAN-OS operating system. The flaw, tracked as CVE-2025-0108, lets an unauthenticated attacker bypass login on any PAN-OS management web interface that is exposed to the Internet.

According to researchers at GreyNoise, exploitation attempts began on Tuesday of this week. It is a stark reminder of the importance of locking down device management interfaces: security practitioners have warned network admins for years that a firewall’s management plane must never be reachable from the open Internet.

Palo Alto Networks’ recommended mitigation is to restrict access to the management web interface to trusted internal IP addresses. With that allowlist in place, an attacker must first gain a foothold on one of those trusted addresses before the vulnerable interface can even be reached, which turns a remote pre-auth bug into a post-compromise one.

Administrators can go further by reaching the management interface only over a VPN or dedicated management network rather than any routable address. To find which of their devices are at risk, they can check the "Remediation Required" section of the Palo Alto Networks Customer Support Portal.

It is worth noting that this vulnerability does not affect Palo Alto Networks’ Cloud NGFW or Prisma Access. The timeline as reported: GreyNoise saw exploitation attempts beginning on Tuesday, Assetnote published its research on Wednesday, and Palo Alto Networks issued its advisory the same day.

The root cause, as the researchers describe it, is that the management interface’s Apache layer treats the request differently than the Nginx layer in front of it, producing a "weird path-processing behavior" that enables header smuggling and path confusion and ultimately an authentication bypass: the proxy decides a request does not need authentication based on how it sees the path, but the second layer normalises that same path into a different, protected resource. As Assetnote puts it, this is a "quite common" architecture problem where authentication is enforced at a proxy layer, but the request is then passed to a second layer with different behavior.
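The proxy/backend mismatch described above, together with the IP-allowlist mitigation recommended earlier, as an added Python illustration (this is not code from Palo Alto Networks, Assetnote, Nginx or Apache, and the paths, network ranges and status codes are assumptions made up for the demo): a front proxy decides whether authentication is needed from the raw path prefix, while the backend percent-decodes and collapses dot segments before routing, so a path the proxy classes as public lands on an admin handler. The hardened variant makes the auth decision on the normalised path in the layer that dispatches the request, and refuses any source address outside the trusted management networks.

```python
"""Constructed illustration of the proxy/backend path-confusion bug class.

Hypothetical two-layer management interface; not PAN-OS, Nginx or Apache
code. Paths, networks and status codes are assumptions for the demo.
"""
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumed layout of the management web interface (hypothetical).
PUBLIC_PREFIX = "/public/"   # login page, help files: no auth required
ADMIN_PREFIX = "/admin/"     # configuration handlers: auth required

# Assumed trusted management networks (the advisory's "trusted internal IPs").
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]


def proxy_needs_auth(raw_path: str) -> bool:
    """Weak pattern: the proxy matches the *raw*, undecoded request path and
    skips the auth check whenever it starts with the public prefix."""
    return not raw_path.startswith(PUBLIC_PREFIX)


def backend_resolve(raw_path: str) -> str:
    """Backend view: percent-decode, then collapse '.' and '..' segments.
    posixpath.normpath never climbs above '/', like a server docroot."""
    return posixpath.normpath(unquote(raw_path))


def route(resolved: str) -> int:
    """Dispatch on the backend's (normalised) view of the path."""
    if resolved.startswith(ADMIN_PREFIX) or resolved.startswith(PUBLIC_PREFIX):
        return 200
    return 404


def vulnerable_stack(src_ip: str, raw_path: str, authenticated: bool) -> int:
    """Auth enforced only at the proxy, on the undecoded path; the backend
    trusts that decision and serves whatever the decoded path resolves to.
    src_ip is ignored: the interface answers to anyone on the Internet."""
    if proxy_needs_auth(raw_path) and not authenticated:
        return 401
    return route(backend_resolve(raw_path))


def hardened_stack(src_ip: str, raw_path: str, authenticated: bool) -> int:
    """Two independent fixes:
    1. the management interface answers only to trusted source networks;
    2. the auth decision is made on the *normalised* path, by the layer
       that actually dispatches the request, so both layers agree."""
    ip = ipaddress.ip_address(src_ip)
    if not any(ip in net for net in TRUSTED_MGMT_NETS):
        return 403
    resolved = backend_resolve(raw_path)
    if resolved.startswith(ADMIN_PREFIX) and not authenticated:
        return 401
    return route(resolved)


if __name__ == "__main__":
    # Constructed requests: a plain admin request, and a path the proxy
    # classifies as public but the backend normalises into the admin tree.
    cases = [
        ("198.51.100.7", "/admin/config", False),
        ("198.51.100.7", "/public/%2e%2e/admin/config", False),
        ("10.0.0.5", "/public/%2e%2e/admin/config", False),
        ("10.0.0.5", "/admin/config", True),
    ]
    for src, path, auth in cases:
        print(f"{src:14} {path:30} auth={auth!s:5} "
              f"vulnerable={vulnerable_stack(src, path, auth)} "
              f"hardened={hardened_stack(src, path, auth)}")
```

The second request is the whole point: the proxy sees `/public/...` and waves it through, the backend decodes `%2e%2e` to `..` and serves `/admin/config` to an unauthenticated caller. Note that the allowlist alone does not fix the bug (a trusted host can still send the confused path); it only shrinks who can reach it, which is why the code also moves the auth check to the normalised path.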


Discover more from Windows Mode
