High-Severity Palo Alto Networks Firewall Vulnerability: What You Need to Know

A new high-severity vulnerability has been discovered in Palo Alto Networks (PAN) firewall operating systems (PAN-OS), prompting concerns and requiring immediate attention. This blog post breaks down the vulnerability, its potential impact and the necessary steps to mitigate the risk.

Note: If you’re currently an NWG Manage Customer, the risk of this vulnerability is low, as the mitigation steps outlined below are already in place for any PAN devices we manage. However, as a best practice, this vulnerability still needs to be patched. We’re reaching out to all customers with PAN devices covered under NWG Manage services to schedule the patching of this vulnerability.

The Vulnerability: CVE-2025-0108

This new vulnerability (CVE-2025-0108) affects certain PAN-OS versions. It was seen being actively exploited as of February 18, 2025. The vulnerability allows an unauthenticated attacker with access to the firewall's management web interface to bypass authentication and invoke specific PHP scripts. While invoking these scripts doesn’t enable remote code execution, it poses a significant threat to the integrity and confidentiality of the firewall, giving it a severity rating of high.

Mitigation and Remediation

PAN has released an advisory detailing the vulnerability, and providing crucial remediation and mitigation steps. The primary mitigation strategy involves restricting access to the management web interface to only trusted IP addresses. This limits the attack surface and makes it significantly harder for unauthorized individuals to attempt exploitation.

Critically, PAN has also released patches for all affected PAN-OS versions. Applying these patches is the most effective way to eliminate the vulnerability and prevent exploitation.

What You Should Do

• Identify Affected Devices: Determine if any of your firewalls are running a vulnerable version of PAN-OS. Refer to the PAN advisory for a complete list of affected versions, or visit the Assets section of your PAN Customer Support Portal.
  ‍
• Secure Management Access: Immediately limit access to your management web interface according to PAN’s best practices deployment guidelines.

• Apply the Patch: Download and install the appropriate patch from PAN as soon as possible. This is the ultimate solution to address the vulnerability.

• Regular Security Updates: Ensure you have a process in place for regularly checking and applying security updates for all your network devices. This proactive approach helps minimize your exposure to future vulnerabilities.

• Monitor Network Activity: Keep a close eye on your network traffic for any suspicious activity. Customers with a PAN Threat Prevention subscription can also block attacks for this vulnerability by enabling Threat ID 510000 and 510001.

Key Takeaway

This vulnerability — and others like it — highlight the importance of staying informed about security threats and taking quick action to address them.

At NWG, our experts are always on high alert to make sure your key infrastructure is secure so you can use your company resources to focus on what’s truly important. Whether you're using PAN, Cisco, Fortinet, Juniper or any other manufacturer, we can help you with a variety of tasks to ensure that your systems are running reliably and securely.

Learn more about NWG Manage here.

—

Published with contributions from: Collin Coe, Customer Experience Associate; Michael Cross, VP of Operations; Scott Smith, VP of Security Architecture

Publish Date: February 18, 2025