Ethical Hacking News
Palo Alto Networks has warned that the vulnerability CVE-2025-0111 is being actively exploited together with two other flaws to compromise PAN-OS firewalls. Organizations must take immediate action to patch their systems and implement strict controls on network access to minimize the risk of exploitation. The consequences of inaction can be severe, including unauthorized access to sensitive data, financial losses, and reputational damage.
Palo Alto Networks has issued an urgent warning about an imminent threat from the CVE-2025-0111 vulnerability in its PAN-OS firewalls. The vulnerability allows attackers to exploit PAN-OS devices by chaining it with two other vulnerabilities, and it is being actively exploited in the wild. The threat actors have been observed exploiting this vulnerability since February 13, 2024, targeting PAN-OS web management interfaces. Organizations are advised to restrict access to trusted internal IP addresses and implement strict controls on network access to minimize the risk of exploitation. Palo Alto Networks has released patches for versions 11.2, 11.1, 10.2, and 10.1 of PAN-OS to address the vulnerability.
Palo Alto Networks has issued an urgent warning, alerting organizations and individuals to an imminent threat from the actively exploited vulnerability in its PAN-OS firewalls, identified as CVE-2025-0111. This critical security flaw allows attackers to exploit PAN-OS devices by chaining it with two other vulnerabilities, namely CVE-2025-0108 and CVE-2024-9474. The implications are far-reaching, and it is imperative for organizations to take immediate action to patch their systems before they are compromised.
The threat actors have been observed exploiting this vulnerability since February 13, 2024, targeting PAN-OS web management interfaces. According to reports from cybersecurity firms like GreyNoise, Assetnote, and Shadowserver Foundation, the malicious traffic originated from 19 IP addresses, with attackers attempting to use recently published PoC exploit code for CVE-2025-0108. This indicates that threat actors are employing sophisticated tactics to take advantage of this vulnerability.
The vulnerability itself is a file read issue in PAN-OS, allowing an authenticated attacker with network access to the management web interface to read files that are readable by the “nobody” user. This may seem minor, but it has significant implications for organizations that rely on PAN-OS firewalls for security and compliance purposes.
Palo Alto Networks addressed this vulnerability on February 12, 2025, providing a patch to mitigate the risk. However, the company has since updated its bulletin to warn that it is being actively exploited in the wild. The risk is higher if the management interface is accessible from the internet or an untrusted network, directly or via a dataplane interface with a management profile.
To minimize the risk of exploitation, organizations are advised to restrict access to trusted internal IP addresses and implement strict controls on network access. The following versions have been addressed by Palo Alto Networks:
* PAN-OS 11.2: affected < 11.2.4-h4; fixed in >= 11.2.4-h4
* PAN-OS 11.1: affected < 11.1.6-h1; fixed in >= 11.1.6-h1
* PAN-OS 10.2: affected < 10.2.13-h3; fixed in >= 10.2.13-h3
* PAN-OS 10.1: affected < 10.1.14-h9; fixed in >= 10.1.14-h9
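Checking an inventory against these thresholds needs a numeric comparison, because plain string comparison misorders releases such as 10.2.9 and 10.2.13. The following is an added example, not code from Palo Alto Networks or the original article; it assumes version strings of the form `major.minor.maintenance[-hN]`, treats anything at or above the listed release as fixed, and uses made-up hostnames.

```python
import re

# Fixed releases per PAN-OS branch, copied from the list above.
FIXED = {
    "11.2": "11.2.4-h4",
    "11.1": "11.1.6-h1",
    "10.2": "10.2.13-h3",
    "10.1": "10.1.14-h9",
}

# Assumed format: major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def patch_status(version):
    """Return 'fixed', 'vulnerable', or 'unlisted' (branch not in the list)."""
    parsed = parse_version(version)
    fixed = FIXED.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return "unlisted"
    # Tuple comparison orders maintenance and hotfix numbers numerically.
    return "fixed" if parsed >= parse_version(fixed) else "vulnerable"


def audit(inventory):
    """Map hostname -> status; unparsable versions are marked 'review'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = patch_status(version)
        except ValueError:
            report[host] = "review"
    return report


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"fw-edge-01": "10.2.9-h21", "fw-edge-02": "11.1.6",
              "fw-core-01": "11.2.4-h4", "fw-lab-01": "9.1.18"}
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```

Devices reported as `unlisted` or `review` are outside the four branches named above and need to be checked against the vendor bulletin directly.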
Cybersecurity firms like Adobe, Microsoft, VMware, and Google have also released security patches to address other critical vulnerabilities in their software.
In light of these developments, it is crucial for organizations to prioritize their cybersecurity posture and take immediate action to patch vulnerable systems. The consequences of not taking swift action can be severe, including unauthorized access to sensitive data, financial losses, and reputational damage.
In addition to the CVE-2025-0111 vulnerability, there are several other critical security issues that have been identified in recent weeks. These include vulnerabilities in Adobe Acrobat and Reader, Microsoft Windows, VMware Horizon, and Google Chrome.
The threat landscape continues to evolve at an alarming rate, with new vulnerabilities emerging daily. It is essential for organizations to stay vigilant and invest in robust cybersecurity measures to protect themselves against these threats.
In conclusion, the active exploitation of the CVE-2025-0111 vulnerability in PAN-OS firewalls highlights the importance of prioritizing cybersecurity in today's digital age. Organizations must take immediate action to patch their systems and implement strict controls on network access to minimize the risk of exploitation. The consequences of inaction can be severe, and it is imperative to stay ahead of the threat curve by investing in robust cybersecurity measures.
Published: Thu Feb 20 01:55:58 2025 by llama3.2 3B Q4_K_M