Palo Alto Networks urges immediate patching of PAN-OS flaws CVE-2025-0108 & CVE-2025-0111 as attackers exploit vulnerabilities in a growing threat chain.
Developing an attack chain is not entirely surprising, as threat actors were already chaining two of the prior vulnerabilities in previously disclosed exploitation attempts.
Researchers at AssetNote had previously discovered the authentication bypass vulnerability while investigating CVE-2024-9474, which emerged in exploitation activity seen in November.
Palo Alto Networks researchers discovered the file read vulnerability. They cautioned that the risk is greatest if users directly enable access through a management interface or a data plane interface, including a management interface profile.
“Palo Alto Networks is urging customers to immediately patch two vulnerabilities in the PAN-OS web management interface CVE-2025-0108 and CVE-2025-0111,” a spokesperson said via email. “These vulnerabilities could allow unauthorized access to the management interface of affected firewalls, potentially leading to system compromise.”
Due to security concerns, the company declined to specify exactly how the attack chain works, but it emphasized the importance of patching all identified vulnerabilities and said that CVEs are often more dangerous when combined.
Also Read: Cybersecurity Overhaul: Why Your Strategy Needs a GenAI Upgrade
The Cybersecurity and Infrastructure Security Agency added CVE-2025-0111 Thursday to its known exploited vulnerabilities catalog.
Palo Alto Networks said security teams can greatly reduce the attack risk by only allowing trusted internal IP addresses to access the management interface.
