Wednesday , June 25 2025
Palo Alto

Hacker chains multiple vulns to attack Palo Alto Firewall

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls.

Coordinated attacks can exploit flaws in authentication and privilege escalation to gain unauthorized access to unpatched devices, threatening the security of enterprise networks.

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

CVE-2025-0108 is a serious authentication bypass vulnerability in the management web interface of PAN-OS that is currently being exploited.

On February 12, 2025, Assetnote researchers found a vulnerability that lets unauthenticated attackers execute certain PHP scripts, threatening system confidentiality and integrity.

Although this vulnerability doesn’t allow for remote code execution, its exploitation increased rapidly after it was disclosed, with GreyNoise tracking 25 malicious IPs by February 18.

Hackers Chaining Multiple Palo Alto Vulnerabilities:

Palo Alto Networks reported that hackers are linking CVE-2025-0108 with two other vulnerabilities:

CVE-2024-9474: A privilege escalation vulnerability (CVSS 6.9) allows authenticated administrators to run root-level commands. Since November 2024, it has been exploited for cryptojacking, webshell installations, and sensitive data theft.

CVE-2025-0111: A medium-severity file read vulnerability (CVSS 4.9) allows authenticated users to access files readable by the “nobody” account. Attackers can exploit these vulnerabilities to bypass authentication, escalate privileges, and gain full root access to firewalls.

Mitigations:

Palo Alto Networks has urged customers to:

Immediately patch affected PAN-OS versions (10.1, 10.2, 11.1, 11.2).
Restrict management interface access to trusted IPs, avoiding public internet exposure.
Monitor for suspicious activity, particularly PHP script executions and unauthorized file reads.
The company emphasized that PAN-OS 11.0, which reached end-of-life in November 2024, will not receive updates, necessitating upgrades to supported versions.

CISA added CVE-2025-0108 to its Known Exploited Vulnerabilities catalog on February 19, mandating federal agencies to remediate it by March 7, 2025.

The ongoing exploitation of vulnerabilities in Palo Alto points out the dangers of publicly accessible management interfaces. According to Assetnote’s Shubham Shah, CVE-2025-0108 needs to be combined with other flaws, but the high number of unpatched systems and available public exploits makes it easier for attackers.

Steven Thai, a Palo Alto spokesperson said, “The security of our customers remains our top priority. We strongly advise applying fixes to mitigate these chained attacks.”

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Check Also

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in …

Leave a Reply

Your email address will not be published. Required fields are marked *