- 41/2025
- High
Palo Alto has released security updatesto fix multiple vulnerabilities affecting Palo Alto PAN-OS and Palo Alto Cortex XDR.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate data, obtain sensitive information, execute arbitrary commands/codes, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. PAN-OS Authentication Bypass in the Management Web Interface Vulnerability (CVE-2025-0108):
- CVSS: 7.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. PAN-OS Command Injection Vulnerability in OpenConfig Plugin (CVE-2025- 0110):
- CVSS: 7.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass security
Vulnerabilities
- CVE-2025-0108
- CVE-2025-0109
- CVE-2025-0110
- CVE-2025-0111
- CVE-2025-0112
- CVE-2025-0113
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.