PAN-OS Auth Bypass: Unauth Access to Mgmt Web Interface PHP Scripts
CVE-2025-0108 Published on February 12, 2025
PAN-OS: Authentication Bypass in the Management Web Interface
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue does not affect Cloud NGFW or Prisma Access software.
Known Exploited Vulnerability
This Palo Alto PAN-OS Authentication Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Palo Alto PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.
The following remediation steps are recommended / required by March 11, 2025: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Timeline
Updated fix availability for PAN-OS 10.2 and 11.1
Updated the exploit status and solutions table
Updated fix availability for PAN-OS 10.2
Updated exploit status
Added Threat Prevention Threat ID to Workarounds and Mitigations
Initial Publication
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2025-0108
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 10.1.0 and below 10.1.14-h9 is affected.
- Version 10.2.0 and below 10.2.7-h24 is affected.
- Version 11.1.0 and below 11.1.6-h1 is affected.
- Version 11.2.0 and below 11.2.4-h4 is affected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.