Palo Alto Networks, a leading cybersecurity firm, has issued a warning regarding a critical vulnerability in its firewall software that is actively being exploited by malicious actors. The flaw, designated as CVE-2025-0108, affects PAN-OS, the operating system for Palo Alto Networks firewalls.
Hackers are utilizing the vulnerability to breach unpatched customer networks, linking it with two previously disclosed flaws (CVE-2024-9474 and CVE-2025-0111) targeting vulnerable web management interfaces. Palo Alto Networks recommends immediate patching to address the vulnerability, which has a low attack complexity level.
Threat intelligence company GreyNoise has observed a surge in exploitation activity, with 25 IP addresses actively exploiting the flaw, primarily targeting the United States, Germany, and the Netherlands. It is unclear whether any sensitive data has been compromised or the identity of the attackers.
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Palo Alto Networks has yet to provide further details on the exploitation method.
Original source: Read the full article on TechCrunch
