InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks has issued advisories for two critical vulnerabilities in its PAN-OS. The vulnerabilities, CVE-2025-0108 and CVE-2025-0110, may enable attackers to bypass authentication and run arbitrary commands.
CVE-2025-0108: Authentication Bypass Vulnerability
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
A vulnerability in the PAN-OS management web interface (CVSSv3.1 score 7.8) allows unauthenticated attackers with network access to bypass authentication and run specific PHP scripts. This could compromise the integrity and confidentiality of PAN-OS, although it does not enable remote code execution.
“An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” the advisory explains.
CVE-2025-0110: Command Injection Vulnerability
The vulnerability (CVSSv3.1 score 7.3) is in the PAN-OS OpenConfig plugin. An authenticated administrator who can send gNMI requests to the PAN-OS management web interface could exploit this flaw to inject and execute arbitrary commands. These commands would have the privileges of the “_openconfig” user, who holds the Device Administrator role.
“A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands,” the advisory states.
Affected Versions and Mitigation:
CVE-2025-0108 impacts PAN-OS versions prior to 11.2.4-h4, 11.1.6-h1, 10.2.13-h3, and 10.1.14-h9. CVE-2025-0110 affects OpenConfig plugin versions before 2.1.2.
Palo Alto Networks has released updates to fix two vulnerabilities. Users are encouraged to update their PAN-OS software immediately and limit management interface access to trusted internal IP addresses only.
Ivanti Patches 3 Critical Flaws in Connect Secure and Policy Secure
