CVE-2025-0108
- Source
- https://cve.org/CVERecord?id=CVE-2025-0108
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0108.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-0108
- Published
- 2025-02-12T21:15:16.290Z
- Modified
- 2026-03-15T22:51:59.185294Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW or Prisma Access software.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0108
- https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/
- https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
- https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
- https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/
- https://security.paloaltonetworks.com/CVE-2025-0108
- https://github.com/iSee857/CVE-2025-0108-PoC
- https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.14"
}
]
},
{
"events": [
{
"introduced": "10.2.0"
},
{
"fixed": "10.2.7"
}
]
},
{
"events": [
{
"introduced": "11.1.0"
},
{
"fixed": "11.1.2"
}
]
},
{
"events": [
{
"introduced": "11.2.0"
},
{
"fixed": "11.2.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.14-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.7-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.8-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.9-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.10-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.11-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.12-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.12-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.12-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.12-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.12-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.12-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.13-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.13-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2.13-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.2-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.4-h9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.6-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.4-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.4-h1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.4-h2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.4-h3"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0108.json"