The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.
The flaws are listed below:
- CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker to bypass the authentication that is typically required and execute specific PHP scripts.
- (CVSS score: 8.2) - An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
Palo Alto Networks has since confirmed to The Hacker News that it has seen active exploitation attempts against CVE-2025-0108, and that the flaw may be chained with another vulnerability, such as CVE-2024-9474, to gain unauthorized access to unprotected and unpatched firewalls.
"Palo Alto Networks has observed abuse efforts chaining CVE-2025-0108 with and on unpatched and unprotected PAN-OS website administration interfaces," it said in an updated advisory.
According to threat intelligence company GreyNoise, up to 25 malicious IP addresses are actively exploiting CVE-2025-0108, with the volume of attacker activity increasing ten times since it was discovered nearly a week ago. The top three sources of attack traffic are the United States, Germany, and the Netherlands.
Concerning CVE-2024-53704, cybersecurity firm Arctic Wolf revealed that threat actors are using it to evade detection shortly after Bishop Fox made a proof-of-concept (PoC) available.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by March 11, 2025, to secure their networks.