In the interconnected world of cybersecurity, the constant evolution of threats presents significant challenges for organizations that rely on sophisticated technologies to protect their data and systems. Attackers continuously find new ways to exploit vulnerabilities in key infrastructures, endangering both the confidentiality and integrity of data, as well as the continuity of services.
Cyber threats are becoming increasingly complex, and attackers not only seek to exploit known security flaws but also to discover new ways to infiltrate networks and systems, often in a stealthy and persistent manner. One of the most recent examples is the critical vulnerability detected in PAN-OS, the operating system that runs Palo Alto Networks' firewalls.
This vulnerability, identified as CVE-2025-0108, affects a wide range of security devices used by organizations around the world. It allows unauthenticated attackers to bypass the firewall's security mechanisms, granting them unauthorized access to internal systems and, in many cases, allowing them to execute malicious actions.
A failure of this kind, which compromises the security of critical infrastructure, can open the door to devastating attacks if not mitigated in time. The problem is compounded by the discovery that this vulnerability is not an isolated incident, but is linked to other security flaws that also affect PAN-OS.
Attackers have started chaining several PAN-OS vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111, which amplifies the risk of a more effective and widespread attack. Combined, these flaws could allow attackers to gain elevated privileges and execute malicious commands without being detected.
This article from ITD Consulting analyzes the implications of this series of vulnerabilities in Palo Alto Networks' firewall, the risks associated with their active exploitation, and the urgent measures companies must take to protect their systems before it's too late.
The Context of Vulnerabilities in PAN-OS
PAN-OS is the operating system used by the firewalls of Palo Alto Networks, one of the most prominent companies in the field of cybersecurity. PAN-OS spans various layers of protection, helping organizations defend against a variety of cyber threats. However, as with any complex software, vulnerabilities can arise, such as the one recently detected in Palo Alto Networks' firewalls.

In recent months, Palo Alto Networks has had to face several critical threats, the most recent being the CVE-2025-0108 vulnerability, which affects the web management interface of PAN-OS. A vulnerability of this type, which allows attackers to bypass authentication, is especially dangerous because it can lead to unauthorized access to entire systems without the need for valid credentials.
Although the vulnerability does not allow remote code execution, the implications remain severe. Attackers who reach the firewall's management interface can gain access to administrative configurations and alter key parameters, which would compromise the overall security of the network and could allow them to steal sensitive data or deploy other types of malware.
However, CVE-2025-0108 is not the only threat facing PAN-OS systems. Since November 2024, other critical vulnerabilities had already been detected, such as CVE-2024-9474, which allowed privilege escalation and facilitated unauthorized access to the platform. While this vulnerability had been patched quickly by Palo Alto Networks, attackers were actively exploiting it in combination with other flaws to maximize their impact.
CVE-2025-0108 is especially critical because it affects the ability of systems to correctly validate users, which opens the door to unauthorized access that could allow attackers to execute malicious PHP scripts. If these scripts are successfully executed, they could disable system protections, alter critical configurations, and potentially allow full control of Palo Alto Networks' firewall.
The Chain of Vulnerabilities: An Even Greater Threat
What makes this vulnerability even more alarming is the possibility that it could be exploited in conjunction with other security flaws previously identified in PAN-OS. CVE-2024-9474, a privilege escalation in the web management interface, and CVE-2025-0111, a vulnerability affecting the execution of certain scripts, create a chain of errors that attackers could use to reach the deeper systems of affected networks.
By chaining these vulnerabilities, attackers can not only bypass authentication barriers, but also gain administrator privileges and execute commands on the affected systems. This turns Palo Alto Networks' firewalls into a vulnerable gateway for attacks, putting at risk the integrity and confidentiality of the data they protect.
The fact that these vulnerabilities can be exploited together presents an even greater challenge for organizations, as protecting a single layer of security is no longer enough. As attackers find new ways to exploit security flaws in these firewalls, companies must adapt quickly to protect their networks from this type of threat.
The chain of vulnerabilities thus becomes a much greater threat, and those who do not take the necessary measures in time could suffer devastating attacks. Additionally, attackers can use the chained vulnerabilities to bypass detection or protection mechanisms, making the attacks harder to identify.
This level of sophistication makes the defense task more complex, as security teams must be prepared to address multiple attack vectors and mitigate their consequences before it is too late.
Ongoing Attack: Global Impact and Affected Sectors
Since the vulnerability in Palo Alto Networks' firewall was identified, researchers have observed a significant increase in the active exploitation of this flaw. According to a report by the threat intelligence firm GreyNoise, at least 25 IP addresses have been identified as active attack points, which marks an increase from only two IP addresses detected in the early days of exploitation.

This increase is indicative of attackers using automated tools to exploit vulnerabilities more efficiently, allowing for greater spread of the attacks. The attacks have primarily targeted systems exposed to the Internet without the necessary security updates, making the networks of certain organizations particularly vulnerable.
The most affected countries include the U.S., Germany, and the Netherlands, where a higher concentration of attack traffic has been observed. This suggests that the exploitation of the vulnerability has a global reach, affecting various industries and organizations of different sizes.
The fact that vulnerabilities are being exploited by multiple threat actors indicates that attackers are quickly identifying vulnerable systems and targeting those that have not applied security patches. Although it is still unclear whether attackers have gained access to sensitive data, the observed activity suggests that cybercriminals are using these vulnerabilities to gain access to systems without proper security measures.
This has raised concerns in critical sectors such as financial, healthcare, and government, where the impact of a successful attack could be devastating. Exposing key systems to the internet without proper protection increases the risk that attackers could steal confidential information, compromise the technological infrastructure of businesses, or even disrupt essential services.
The Risk for Exposed Networks and the Importance of Updates
One of the factors that increases the risk of this vulnerability is the exposure of affected systems to the Internet without proper patches. Many organizations operate PAN-OS systems with web management interfaces accessible from external networks.
If these interfaces are not properly protected and critical updates are not applied, attackers can exploit a vulnerability such as CVE-2025-0108 without needing to pass through the authentication process, making access easier.
This type of vulnerability is particularly concerning because many organizations do not apply security updates immediately, either due to a lack of resources or a false sense of security. As attackers discover new ways to exploit these vulnerabilities, the risk of an organization being compromised significantly increases.
It is vital that companies apply the security updates provided by Palo Alto Networks as soon as possible. Vulnerable PAN-OS versions include 10.1, 10.2, 11.0, 11.1, and 11.2, and the company has released patches to address the CVE-2025-0108 flaw. The fixed versions are:
- PAN-OS 11.2: 11.2.4-h4 or later
- PAN-OS 11.1: 11.1.6-h1 or later
- PAN-OS 10.2: 10.2.13-h3 or later
- PAN-OS 10.1: 10.1.14-h9 or later
As an additional mitigation measure, it is recommended to restrict access to the web management interface to trusted internal IP addresses only. This step is crucial in reducing the risk of the vulnerability being exploited by external actors.
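As an added example (not from the article or from Palo Alto Networks), a small Python check that maps a PAN-OS version string to the fixed releases listed above. It handles the -hN hotfix suffix, so that a base 10.2.13 is still reported as vulnerable while 10.2.13-h3 and any later maintenance release on that branch count as fixed; the inventory hostnames are constructed.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases for CVE-2025-0108 as listed in the article, keyed by release branch.
FIXED_VERSIONS = {
    (11, 2): "11.2.4-h4",
    (11, 1): "11.1.6-h1",
    (10, 2): "10.2.13-h3",
    (10, 1): "10.1.14-h9",
}
# Branches the article names as vulnerable without listing a fixed release.
VULNERABLE_NO_FIX = {(11, 0)}

# PAN-OS style: major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

# Constructed sample inventory (hostname -> reported PAN-OS version).
SAMPLE_INVENTORY = {"fw-dc1": "10.2.13", "fw-dc2": "11.1.6-h1",
                    "fw-branch": "11.0.4", "fw-lab": "9.1.17"}

def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '10.2.13-h3' into (10, 2, 13, 3); a version without a hotfix counts as h0,
    so the base 10.2.13 sorts below 10.2.13-h3 but 10.2.14 sorts above it."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))

def assess(version: str) -> str:
    """Classify one version as 'fixed', 'vulnerable' or 'unknown' for CVE-2025-0108."""
    parsed = parse_version(version)
    branch = parsed[:2]
    if branch in FIXED_VERSIONS:
        return "fixed" if parsed >= parse_version(FIXED_VERSIONS[branch]) else "vulnerable"
    if branch in VULNERABLE_NO_FIX:
        return "vulnerable"
    return "unknown"  # branch not covered by the list above; check the vendor advisory

def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group devices by assessment so the ones needing an upgrade are easy to pull out."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "unknown": [], "fixed": []}
    for host, version in inventory.items():
        groups[assess(version)].append(host)
    return groups
```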
Recommendations to Mitigate Risks
To minimize the impact of this Palo Alto Networks firewall vulnerability and reduce the likelihood of a successful attack, organizations should follow a series of steps recommended by Palo Alto Networks and other cybersecurity experts:
- Apply patches immediately: The most urgent action is to apply the recommended security updates that fix the PAN-OS vulnerabilities. Ignoring updates could leave networks exposed to attacks with severe consequences; security updates must be applied without delay, as attackers continue to actively exploit these vulnerabilities.
- Review access configuration: Ensure that management interfaces are only accessible from secure internal networks. This may include implementing VPNs or stricter authentication systems to protect remote access. One of the main dangers of this vulnerability is that attackers can use exposed remote access to gain full control of affected systems, making Internet-exposed management interfaces an easy target.
- Monitor network traffic: It is crucial to be alert to unusual traffic patterns that may indicate attempts to exploit vulnerabilities. Using monitoring and traffic analysis tools can help detect attacks at their early stages. Constant monitoring of network traffic can also help identify other vulnerabilities that may be exploited simultaneously.
- Educate employees about security: The human factor remains one of the weakest points in cybersecurity. Training employees on best security practices can significantly reduce the risk of a successful attack. Ongoing education about risks and preventive measures is essential for maintaining the security of organizations over time.
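As an added example (not from the article or from Palo Alto Networks) of the access-restriction and monitoring steps above: a Python check that runs over management-interface access records and reports every source address outside the trusted internal ranges, with a separate list of external addresses that actually received a successful response. The trusted ranges and the access records are constructed for the example; a real deployment would feed it the firewall's own management access logs.

```python
import ipaddress
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Internal ranges that should be the only sources allowed to reach the
# management interface (assumed values for this example).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.50.0/24")]

# Constructed sample of management-interface access records:
# (timestamp, source IP, HTTP status returned by the interface).
SAMPLE_ACCESS: List[Tuple[str, str, int]] = [
    ("2025-02-20T08:01:12Z", "10.10.3.7", 200),
    ("2025-02-20T08:02:45Z", "203.0.113.25", 401),
    ("2025-02-20T08:02:46Z", "203.0.113.25", 401),
    ("2025-02-20T08:05:09Z", "192.168.50.14", 200),
    ("2025-02-20T08:07:31Z", "198.51.100.77", 401),
    ("2025-02-20T08:09:02Z", "203.0.113.25", 200),
]

def is_trusted(source: str, trusted=TRUSTED_NETS) -> bool:
    """True if the source address falls inside one of the trusted internal ranges."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in trusted)

def untrusted_sources(records: Iterable[Tuple[str, str, int]],
                      trusted=TRUSTED_NETS) -> Dict[str, Counter]:
    """Group management-interface hits from outside the allowlist by source IP,
    counting responses per HTTP status. Any entry here means the restriction to
    trusted internal addresses is not being enforced."""
    hits: Dict[str, Counter] = {}
    for _ts, source, status in records:
        if not is_trusted(source, trusted):
            hits.setdefault(source, Counter())[status] += 1
    return hits

def successful_untrusted(records: Iterable[Tuple[str, str, int]],
                         trusted=TRUSTED_NETS) -> List[str]:
    """External addresses that got a 2xx from the interface: the first ones to
    investigate, since they reached the interface rather than being rejected."""
    grouped = untrusted_sources(records, trusted)
    return sorted(ip for ip, c in grouped.items() if any(200 <= s < 300 for s in c))
```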

The active exploitation of critical vulnerabilities in Palo Alto Networks' firewall, such as CVE-2025-0108, once again highlights the inherent vulnerability organizations face in today's digital world. Although security solutions like those from Palo Alto Networks play a crucial role in protecting infrastructures, the ultimate responsibility lies with the companies themselves to keep their systems protected.
Despite the efforts of providers to detect and correct security flaws, the current cyber threat landscape demands a broader strategy, one that doesn’t just rely on incident response but on proactive preparation and prevention. In this regard, organizations must be aware that cyber threats are constantly evolving, and what is a known threat today could become a sophisticated attack vector tomorrow.
It’s not enough to apply patches or conduct periodic security audits; a comprehensive approach is required, one that considers all layers of the IT infrastructure, from firewalls to endpoint devices. Cybersecurity must be a continuous effort that combines technology, ongoing employee training, and an organizational culture focused on the protection of data and systems.
Moreover, collaboration is essential in this effort. The fight against cyber threats should not be seen as an isolated challenge for each organization, but as a shared responsibility. Companies, security researchers, and government agencies must work together to identify emerging vulnerabilities, share threat intelligence, and develop common standards and policies to strengthen security globally.
Strategic partnerships, both nationally and internationally, are key to creating a robust defense network that can respond quickly to complex cyberattacks. Finally, it’s crucial that organizations recognize that cybersecurity is not an expense, but a necessary investment to protect the integrity of their data, the trust of their clients, and the stability of their operations.
The costs of failing to adequately address cyber threats can be devastating, both financially and reputationally. In an increasingly interconnected digital environment, businesses must be prepared to anticipate attacks, adapt quickly to changes in the threat landscape, and keep their systems consistently updated. Only then can they ensure a secure digital environment for their operations and contribute to building a more protected and resilient world against cyber threats.
If you want to learn more about the best cybersecurity measures at your disposal to be prepared for threats like those affecting Palo Alto Networks' firewalls, contact us at [email protected]. We offer tailor-made technological solutions to secure your organization with the latest technology.