The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below –
- CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts
- CVE-2024-53704 (CVSS score: 8.2) – An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication
Palo Alto Networks has since confirmed to The Hacker News that it has observed active exploitation attempts against CVE-2025-0108, with the company noting that it could be chained with other vulnerabilities like CVE-2024-9474 to allow unauthorized access to unpatched and unsecured firewalls.
“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” it said in an updated advisory.
Threat intelligence firm GreyNoise said as many as 25 malicious IP addresses are actively exploiting CVE-2025-0108, with the volume of attacker activity surging 10 times since it was detected nearly a week ago. The top three sources of attack traffic are the United States, Germany, and the Netherlands.
As for CVE-2024-53704, cybersecurity company Arctic Wolf revealed that threat actors began weaponizing the flaw shortly after a proof-of-concept (PoC) was made available by Bishop Fox.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by March 11, 2025, to secure their networks.
Update
In a follow-up bulletin published on February 20, 2025, CISA added CVE-2025-0111 to its KEV catalog, requiring federal agencies to update to the latest versions by March 13, 2025.
“Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the ‘nobody’ user,” the agency said.
About The Author
Original post here
