Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency ( CISA ) two security flaws to the known exploited vulnerabilities ( ) list for Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN on Tuesday.
The shortcomings are listed under.
- CVE-2025-0108 ( CVSS score: 7.8 )- An authentication bypass vulnerability in the management web interface of Palo Alto Networks that enables an unauthenticated attacker to bypass the authentication that is typically required and execute specific PHP scripts.
- ( CVSS score: 8.2 )- An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication
Palo Alto Networks has since confirmed to The Hacker News that it has seen energetic abuse attempt against CVE-2025-0108, with the company pointing out that it may be linked to other vulnerabilities like CVE-2024-9474, which would entitle unauthorized access to unpatched and unprotected routers.
” Palo Alto Networks has observed abuse efforts chaining CVE-2025-0108 with and on unpatched and unprotected PAN-OS website administration interfaces”, it in an updated advice.
Up to 25 destructive IP addresses are constantly exploiting CVE-2025-0108, according to Threat Intelligence company Grey Noise, with the volume of attacker activity increasing ten times since it was discovered nearly a week ago. The top three sources of invasion customers are the United States, Germany, and the Netherlands.
Concerning CVE-2024-53704, cybersecurity firm Arctic Wolf revealed that threat actors are using the flaw shortly after Bishop Fox made a proof-of-concept ( PoC ) available.
In light of active exploitation, Federal Civilian Executive Branch (FCEB ) agencies are required to remediate the identified vulnerabilities by March 11, 2025, to secure their networks.