Ethical Hacking News
Palo Alto Networks has warned about an actively exploited firewall bug, allowing threat actors to breach PAN-OS firewalls using a chain of vulnerabilities. The issue affects thousands of devices and highlights the need for timely patching and security updates. Organizations must take immediate action to protect themselves against this attack.
Palo Alto Networks has issued a warning about a newly disclosed vulnerability in its firewall software (CVE-2025-0111) that is being actively exploited by threat actors. The bug allows authenticated attackers with network access to read files readable by the "nobody" user, and attackers are chaining it with two previously disclosed flaws. Thousands of PAN-OS devices are exposed to the internet and vulnerable to this chain of exploits. Only a few dozen devices have applied the patch for CVE-2025-0108 and CVE-2025-0111, and many more have patched another flaw (CVE-2024-9474) but not those two. The U.S. Cybersecurity & Infrastructure Security Agency has added CVE-2025-0108 to its "Known Exploited Vulnerabilities" catalog and given federal agencies until March 11, 2025, to apply available updates.
Palo Alto Networks, a prominent provider of cybersecurity solutions, has issued a warning about a newly disclosed vulnerability in its firewall software that is being actively exploited by threat actors. The bug, tracked as CVE-2025-0111, allows authenticated attackers with network access to the management web interface to read files that are readable by the "nobody" user. The vulnerability was first disclosed on February 12, 2025, and the vendor has since updated its disclosure to reflect an increase in exploitation activity.
CVE-2025-0111 is a file read vulnerability in PAN-OS. In the observed attacks it is chained with a previously disclosed flaw, CVE-2024-9474, a privilege escalation vulnerability that allows a PAN-OS administrator to execute commands on firewalls with root privileges. A third flaw, CVE-2025-0108, an authentication bypass vulnerability, rounds out the exploit chain.
The exploitation of these three vulnerabilities has been observed by Palo Alto Networks, which has warned that the flaws are being used in an exploit chain to breach PAN-OS firewalls in active attacks. This means that attackers can download configuration files and other sensitive information from the firewall management interface using the chained vulnerabilities.
The scope of the issue is significant, with thousands of PAN-OS devices exposed to the internet and vulnerable to this chain of exploits. According to Macnica researcher Yutaka Sejiyama, a scan of 3,490 internet-facing servers revealed that only a few dozen have applied the patch for CVE-2025-0108 and CVE-2025-0111, while 1,168 devices have not patched those two flaws but have patched CVE-2024-9474. Of these exposed devices, 65% (2,262 devices) remain vulnerable to at least one of the three flaws.
The exploitation has caught the attention of the U.S. Cybersecurity & Infrastructure Security Agency (CISA), which has added CVE-2025-0108 to its "Known Exploited Vulnerabilities" (KEV) catalog. CISA has given federal agencies until March 11, 2025, to apply available updates or stop using the product.
The exploitation of this vulnerability highlights the ongoing threat landscape in the cybersecurity world and underscores the importance of timely patching and security updates. As the nature of cyber threats continues to evolve, it is essential for organizations to stay vigilant and proactive in their approach to security.
In conclusion, the exploitation of CVE-2025-0111 in Palo Alto Networks firewalls is a stark reminder of the need for cybersecurity vigilance. Organizations that have not yet patched these vulnerabilities must do so as soon as possible to protect themselves against active attacks.
Related Information:
https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-9474
https://www.cvedetails.com/cve/CVE-2024-9474/
https://nvd.nist.gov/vuln/detail/CVE-2025-0108
https://www.cvedetails.com/cve/CVE-2025-0108/
https://nvd.nist.gov/vuln/detail/CVE-2025-0111
https://www.cvedetails.com/cve/CVE-2025-0111/
Published: Wed Feb 19 11:10:02 2025 by llama3.2 3B Q4_K_M