fkie_cve-2025-0108
Vulnerability from fkie_nvd
Published
2025-02-12 21:15
Modified
2025-06-27 20:39
Severity ?
Summary
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW or Prisma Access software.
References
Impacted products
{
"cisaActionDue": "2025-03-11",
"cisaExploitAdd": "2025-02-18",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Palo Alto Networks PAN-OS Authentication Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D52DC1-4441-4C88-B209-9B86FCC2162F",
"versionEndExcluding": "10.1.14",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710",
"versionEndExcluding": "10.2.7",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21CFD38A-7AED-4CEE-BDA9-77D815689C58",
"versionEndExcluding": "11.1.2",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7",
"versionEndExcluding": "11.2.4",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
"matchCriteriaId": "B41A7115-A370-49E1-B162-24803E6DD2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
"matchCriteriaId": "28432442-DBAD-41CF-BAA8-DF025CBCB583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
"matchCriteriaId": "65949A49-03A7-491C-B327-127F050AC4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
"matchCriteriaId": "A4181D7C-31D7-4DDF-A93C-88A71F6C16C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
"matchCriteriaId": "E8ACB147-B4C1-4964-B538-EAA117CC6DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
"matchCriteriaId": "1721CDD4-C30A-4359-BF78-6702FC9DAFFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
"matchCriteriaId": "6643574D-C024-440C-9392-004B7FA4498F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
"matchCriteriaId": "BF0657E0-E0D7-4F7C-AF4B-88530716E290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
"matchCriteriaId": "7422F37D-7ABA-4BEC-8448-45A8F585D6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"matchCriteriaId": "EFB63AFC-C3EC-4D1A-BC4A-810662AD16BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"matchCriteriaId": "E67DEF1D-8674-41E8-AA07-0499DCCFD67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"matchCriteriaId": "71EB32DA-D82F-49DD-B06F-7F10F08F740E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"matchCriteriaId": "BF05E61D-0EC2-4755-8FCF-12E102A4D8FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"matchCriteriaId": "22ED8EDB-5549-4D29-90D2-FFE33D030912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"matchCriteriaId": "61B69220-4155-4462-A133-CE7A54747B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"matchCriteriaId": "34B083B9-CC1B-43CD-9A16-C018F7FA2DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"matchCriteriaId": "FA109AEA-0015-4EAA-BD86-F070FEEA2DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"matchCriteriaId": "F90EF82F-1CC6-44B4-AFF9-02DF4EE84F81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"matchCriteriaId": "FA91A4E9-CE1E-4CB8-B717-4B0E314C0171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"matchCriteriaId": "6B4D43CC-1B4E-4380-B4A2-487870EFC5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"matchCriteriaId": "DF7382E1-0678-40BC-8964-9D00F6C4C6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"matchCriteriaId": "20A2E1F0-8303-483F-9199-9FE257B8A228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"matchCriteriaId": "3AF4AB7F-F9B0-4DC4-BFC5-8FC60CE65A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"matchCriteriaId": "0247BDD2-714F-4FFD-9433-FEC7747B30D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"matchCriteriaId": "C779DF2B-D72A-4327-8AD8-3EA6751741F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "5D64390F-F870-4DBF-B0FE-BCDFE58C8685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
"matchCriteriaId": "B3958C91-1860-4A07-A098-7292F9DC96EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
"matchCriteriaId": "F70FC9DF-10C9-4AE5-B64B-3153E2E4E9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
"matchCriteriaId": "DB5A8E21-7651-47B7-B40B-8DDC4EBC5795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
"matchCriteriaId": "59E2A308-1AFF-4E62-9485-20EB02A43357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
"matchCriteriaId": "C3D6D552-6F33-496A-A505-5F59DF3B487B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h14:*:*:*:*:*:*",
"matchCriteriaId": "D483DFD5-D838-48AF-B1D8-7AAED4F58F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
"matchCriteriaId": "D1ECD1DC-5A05-4E4F-97F5-136CE777FAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h16:*:*:*:*:*:*",
"matchCriteriaId": "4C3CF045-0411-4EDF-904E-233E1A315EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h17:*:*:*:*:*:*",
"matchCriteriaId": "DDFDC7AD-687D-4CE8-AB1E-01D51BA90054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
"matchCriteriaId": "347E5938-24FF-4C2C-B823-988D34706E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
"matchCriteriaId": "C889402F-138A-45B9-BBCF-91FD18A0B810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
"matchCriteriaId": "36344DFC-4DC6-4B0A-945F-54DED38A2804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h20:*:*:*:*:*:*",
"matchCriteriaId": "416A4A53-8F1C-45D9-8AA7-CA237582E6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
"matchCriteriaId": "CBA2B4FA-16C2-41B9-856D-EDC0CAF7A164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
"matchCriteriaId": "E5E6A893-2994-40A3-AF35-8AF068B0DE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
"matchCriteriaId": "3C8EBBD0-87C1-4C87-835A-4EE42A32F3C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
"matchCriteriaId": "0AB51213-364F-4096-B987-2B7270D1214D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
"matchCriteriaId": "2D695DB8-B799-493A-857F-235C8A847C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
"matchCriteriaId": "F269105A-20A7-46B3-8658-E4CEF1C046F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
"matchCriteriaId": "A4914841-B9FB-491F-88BB-1654B5E7885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
"matchCriteriaId": "D814F3A3-5E9D-426D-A654-1346D9ECE9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
"matchCriteriaId": "8C7E9211-7041-4720-B4B9-3EA95D425263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
"matchCriteriaId": "CEB258EE-2C6E-4A63-B04C-89C5F76B0878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
"matchCriteriaId": "9C9F098B-5E29-41BC-B855-C5B1DA17F2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
"matchCriteriaId": "3E4AB96B-0BF3-4332-B948-3CA07D16A0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
"matchCriteriaId": "0F481B0E-2353-4AB0-8A98-B0EFBC409868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h15:*:*:*:*:*:*",
"matchCriteriaId": "8F9623C9-4FE7-4DE2-9180-FC40F2C8B47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
"matchCriteriaId": "3F7FC771-527F-4619-B785-6AE1F4722074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h17:*:*:*:*:*:*",
"matchCriteriaId": "6444F17D-CD36-4EC3-B755-0DD929BF1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
"matchCriteriaId": "CCC2A6DA-EB48-42CD-9234-A80C3F6AEFAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
"matchCriteriaId": "046874F8-7DA7-4E2A-99BF-509424E6CCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
"matchCriteriaId": "2094463F-3FB0-4131-B593-B6CF9450095A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h20:*:*:*:*:*:*",
"matchCriteriaId": "C01A822D-2B48-4FCB-99B6-1263CF994F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
"matchCriteriaId": "DFA49934-1DAD-49FE-BF25-99FA62A97F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
"matchCriteriaId": "2A547AE6-1CD7-416C-93B1-44AFD005CA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
"matchCriteriaId": "784B4169-F917-43BD-8C5F-7D23F3F05F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
"matchCriteriaId": "1720C072-7776-43A8-AFA5-5900CBDF93C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
"matchCriteriaId": "E942C669-8D3A-47AA-A4D4-823D029932A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
"matchCriteriaId": "8E542ED7-98EB-4F06-87D3-5D708BD69F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
"matchCriteriaId": "4E9EB9C6-78BA-4C66-A4BD-856BF27388CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
"matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"matchCriteriaId": "64F22CCE-6EAF-403B-B522-C11085410C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"matchCriteriaId": "FF7FCD8B-80DF-4004-A9D2-4EE884F089A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"matchCriteriaId": "15F5A583-A213-475E-8305-B8087DADCABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"matchCriteriaId": "83C9637A-B615-4CC2-84AA-BDCFE611484C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"matchCriteriaId": "7EB3881C-B255-41AD-B61F-C14743824A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"matchCriteriaId": "872BC747-512A-4872-AC86-E7F1DC589F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"matchCriteriaId": "67F527D0-F85B-4B83-AEA5-BA636FC89210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"matchCriteriaId": "6CF8F985-7E51-49E6-857A-FAAF027F5611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"matchCriteriaId": "B437DCEA-ABA3-41CA-B320-97EC430F1122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"matchCriteriaId": "223673C1-9327-4C12-BF02-7447D2CAD16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"matchCriteriaId": "593AFE7A-CB37-4156-A2B8-646A317F3176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"matchCriteriaId": "63F4EE10-4A97-4668-9050-2DB4CEBFB307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
"matchCriteriaId": "2B3D7DBA-C90C-451D-94C3-8B7066826308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
"matchCriteriaId": "010F170D-438E-4A57-98B9-E7522FD95FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h10:*:*:*:*:*:*",
"matchCriteriaId": "E739D6A5-CCC4-43B6-BB53-316B6246BD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h11:*:*:*:*:*:*",
"matchCriteriaId": "6202148E-A06E-49B0-8B9D-14FCB8441AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
"matchCriteriaId": "AD8795BE-5CC2-443D-99AD-BD6985CADBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
"matchCriteriaId": "F3D096D4-E60E-4D4C-9122-C36B775B4A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
"matchCriteriaId": "FEE28628-E969-44FC-B577-066DB98BBDA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h5:*:*:*:*:*:*",
"matchCriteriaId": "0651EA7B-09F1-4FCC-8A7D-5D13B8B045F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*",
"matchCriteriaId": "C69B22C4-6E7D-4F39-B86C-D408670CDC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h7:*:*:*:*:*:*",
"matchCriteriaId": "1B950A59-0DB3-4562-A93F-691C9F118A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h8:*:*:*:*:*:*",
"matchCriteriaId": "8E4DF1A3-B63E-4350-AE84-C9A6DEB0BD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9:*:*:*:*:*:*",
"matchCriteriaId": "457824C9-4A39-4570-B697-F375AEF47A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
"matchCriteriaId": "3D33A0FB-7538-42BF-84E8-7CCD7EEF9355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
"matchCriteriaId": "FB95D77F-1263-4D47-A0BB-94A6DA937115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
"matchCriteriaId": "8EA4C2A7-18CD-4232-B08C-99BEFE497A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
"matchCriteriaId": "357B747E-F960-4AA9-8696-B3BD89933630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
"matchCriteriaId": "1FDB3D90-6656-49C5-9852-1F987BAEF0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h5:*:*:*:*:*:*",
"matchCriteriaId": "0CE465FF-0A2A-439C-9747-CC2BB3E91C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
"matchCriteriaId": "C2B871A6-0636-42A0-9573-6F693D7753AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"matchCriteriaId": "F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"matchCriteriaId": "60CE628F-C4CB-4342-8D71-DE61A089B612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5F7627B3-A463-4570-BA23-663FEB7B4A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
"matchCriteriaId": "275872C1-1EBB-4447-8C9F-347F757BFF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
"matchCriteriaId": "772B738B-9DA7-40AD-99B9-1428AB4A3E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
"matchCriteriaId": "C7DCE06C-D162-474A-A9D1-373704AEAD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
"matchCriteriaId": "F83E2987-F7B0-486C-8DC3-3C4A8B76F295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
"matchCriteriaId": "1B0D726A-A0DC-47BC-9D0A-6D95233E76DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
"matchCriteriaId": "5F6ACDFF-947E-4175-8A2A-8B43B86AA8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h15:*:*:*:*:*:*",
"matchCriteriaId": "6302E536-5B1A-45F6-996E-847F22C3C997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h16:*:*:*:*:*:*",
"matchCriteriaId": "5A12B7ED-1748-4EF2-86D9-99DA4F5F5074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h17:*:*:*:*:*:*",
"matchCriteriaId": "75F68D18-376D-4047-B6F7-BF9FDDE0619E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
"matchCriteriaId": "B3277AA8-303D-4ABE-B4AC-CD373695C7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
"matchCriteriaId": "4F36A8CA-4B15-4A88-BA51-2346506DE6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
"matchCriteriaId": "F6CED1CC-D63C-4A10-9035-C461CA35E584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
"matchCriteriaId": "E7B383A0-FDE0-41E4-9B29-8B3BDFBDC806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
"matchCriteriaId": "85A08CC6-F5A4-4148-8049-F4EF85B0BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
"matchCriteriaId": "67E5516D-2C32-448F-9F83-6E43DDB009B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
"matchCriteriaId": "BA80BE87-0734-43F4-A163-29D989B04709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
"matchCriteriaId": "BC83C63B-54C8-4667-8742-30A5477414B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F383C3D-0C7A-4B5E-9798-D1CE9632687B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAA1-49E1-4AD0-A049-F1B3065950BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"matchCriteriaId": "BE3F7369-9F35-409A-9F47-45A959592DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"matchCriteriaId": "6650937C-D778-4B5D-AA28-E7DA96DDAB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"matchCriteriaId": "DB835E23-6984-413D-A870-8734E626D219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"matchCriteriaId": "FD247097-EEC7-48E7-9C14-3314900BD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"matchCriteriaId": "83A04AA3-4B6C-4B75-9797-74FA230FD299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"matchCriteriaId": "AECB34F6-76F3-46E4-8F08-8570247AC281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"matchCriteriaId": "E9DB4DA9-2262-4E9E-B3A1-49D261D01295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"matchCriteriaId": "552C1E17-E4A7-462C-97E4-AF14C00B89FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"matchCriteriaId": "1EB942A4-026C-494D-A1DD-96259354CB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"matchCriteriaId": "4852E738-990C-4DD2-8252-D4625D843A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"matchCriteriaId": "010E5816-BB0D-438B-A280-AF35B435DCFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"matchCriteriaId": "CB2C59F8-2583-4510-90F8-500F8329AFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C31ACD7-46AB-4092-89F3-7B4C9B642199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
"matchCriteriaId": "52C50A07-F4D8-4F1F-BA61-3429BB1721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"matchCriteriaId": "30F4CD1C-6862-4279-8D2D-40B4D164222F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"matchCriteriaId": "A52B7A7A-483A-4075-B1E9-5C14B66F7FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"matchCriteriaId": "6E46608E-682E-47B8-B810-8714571286C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue does not affect Cloud NGFW or Prisma Access software."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en el software PAN-OS de Palo Alto Networks permite que un atacante no autenticado con acceso a la red a la interfaz web de administraci\u00f3n omita la autenticaci\u00f3n que de otro modo requerir\u00eda la interfaz web de administraci\u00f3n de PAN-OS e invoque ciertos scripts PHP. Si bien la invocaci\u00f3n de estos scripts PHP no permite la ejecuci\u00f3n remota de c\u00f3digo, puede afectar negativamente la integridad y la confidencialidad de PAN-OS. Puede reducir en gran medida el riesgo de este problema al restringir el acceso a la interfaz web de administraci\u00f3n solo a direcciones IP internas confiables de acuerdo con nuestras pautas de implementaci\u00f3n de mejores pr\u00e1cticas recomendadas https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Este problema no afecta al software Cloud NGFW ni a Prisma Access."
}
],
"id": "CVE-2025-0108",
"lastModified": "2025-06-27T20:39:59.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2025-02-12T21:15:16.290",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/iSee857/CVE-2025-0108-PoC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
],
"url": "https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…