CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List


Feb 19, 2025 | Ravie Lakshmanan | Threat Intelligence / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerabilities are listed below –

  • CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required and invoke certain PHP scripts
  • CVE-2024-53704 (CVSS score: 8.2) – An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication

Palo Alto Networks has since confirmed to The Hacker News that it has observed active exploitation attempts against CVE-2025-0108, with the company noting that it could be chained with other vulnerabilities such as CVE-2024-9474 to allow unauthorized access to unpatched and unsecured firewalls.

“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” it said in an updated advisory.

Threat intelligence firm GreyNoise said as many as 25 malicious IP addresses are actively exploiting CVE-2025-0108, with the volume of attacker activity surging 10 times since it was first detected nearly a week ago. The top three sources of attack traffic are the United States, Germany, and the Netherlands.

As for CVE-2024-53704, cybersecurity company Arctic Wolf revealed that threat actors began weaponizing the flaw shortly after a proof-of-concept (PoC) was made available by Bishop Fox.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by March 11, 2025, to secure their networks.

Update

In a follow-up bulletin published on February 20, 2025, CISA added CVE-2025-0111 to its KEV catalog, requiring federal agencies to update to the latest versions by March 13, 2025.

“Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the ‘nobody’ user,” the agency said.
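As an added defender-side example (not code from the article, CISA, or either vendor), the script below matches KEV-style entries for the three CVEs named above against a constructed device inventory and ranks the remediation work by due date and by whether the management or VPN interface is reachable from untrusted networks. The entry field names are assumed to follow CISA's public KEV JSON feed; the sample entries and the inventory are constructed.

```python
import json
from datetime import date

# Constructed KEV-style entries for the CVEs in the article. Field names are
# assumed to follow CISA's KEV JSON feed; due dates are the ones the article reports.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-0108", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
     "dateAdded": "2025-02-18", "dueDate": "2025-03-11"},
    {"cveID": "CVE-2024-53704", "vendorProject": "SonicWall", "product": "SonicOS",
     "dateAdded": "2025-02-18", "dueDate": "2025-03-11"},
    {"cveID": "CVE-2025-0111", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
     "dateAdded": "2025-02-20", "dueDate": "2025-03-13"},
]})

# Constructed inventory: hostname -> (vendor, product, admin/VPN interface exposed to untrusted networks?)
INVENTORY = {
    "fw-edge-01": ("Palo Alto Networks", "PAN-OS", True),
    "fw-dc-02": ("Palo Alto Networks", "PAN-OS", False),
    "vpn-branch-01": ("SonicWall", "SonicOS", True),
    "sw-core-01": ("Cisco", "IOS", False),
}

def match_kev(kev_json, inventory, today_iso):
    """Return {hostname: [(cveID, dueDate, days_left, priority), ...]} for affected hosts only."""
    entries = json.loads(kev_json)["vulnerabilities"]
    today = date.fromisoformat(today_iso)
    findings = {}
    for host, (vendor, product, exposed) in inventory.items():
        for e in entries:
            if (e["vendorProject"].lower(), e["product"].lower()) != (vendor.lower(), product.lower()):
                continue
            days_left = (date.fromisoformat(e["dueDate"]) - today).days
            # Past the KEV due date: overdue regardless of exposure. Otherwise an
            # interface reachable from untrusted networks is what the advisories single out.
            if days_left < 0:
                priority = "overdue"
            elif exposed:
                priority = "urgent"
            else:
                priority = "scheduled"
            findings.setdefault(host, []).append((e["cveID"], e["dueDate"], days_left, priority))
    return findings

if __name__ == "__main__":
    for host, items in match_kev(KEV_SAMPLE, INVENTORY, "2025-03-12").items():
        for cve, due, days, prio in items:
            print(f"{host:14} {cve:15} due {due} ({days:+d} days) -> {prio}")
```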
