1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Known Exploited Vulnerabilities CVE-2025-0108

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This exploit is part of a chain of exploits (with CVE-2025-0108 and CVE-2024-9474) that can end with an attacker gaining root access to the system. This vulnerability allows the attacker to bypass authentication using the PAN-OS web management interface, as well as invoke PHP scripts. The attacker can also use their newfound privileged access to reconfigure the firewall, allowing for backdoors to be created.
References
  1. https://www.armis.com/threat-alert/breaking-down-palo-alto-networks-pan-os-vulnerability/
CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability primary_impact T1055 Process Injection
Comments
This exploit is part of a chain of exploits (with CVE-2025-0108 and CVE-2024-9474) that can end with an attacker gaining root access to the system. This vulnerability allows the attacker to bypass authentication using the PAN-OS web management interface, as well as invoke PHP scripts. The attacker can also use their newfound privileged access to reconfigure the firewall, allowing for backdoors to be created.
References
  1. https://www.armis.com/threat-alert/breaking-down-palo-alto-networks-pan-os-vulnerability/
CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability primary_impact T1565.001 Stored Data Manipulation
Comments
This exploit is part of a chain of exploits (with CVE-2025-0108 and CVE-2024-9474) that can end with an attacker gaining root access to the system. This vulnerability allows the attacker to bypass authentication using the PAN-OS web management interface, as well as invoke PHP scripts. The attacker can also use their newfound privileged access to reconfigure the firewall, allowing for backdoors to be created.
References
  1. https://www.armis.com/threat-alert/breaking-down-palo-alto-networks-pan-os-vulnerability/