About the Vulnerability
Introduction
PAN-OS is an operating system developed by Palo Alto Networks, designed to provide comprehensive security protection for enterprise networks. This operating system is highly scalable and flexible, capable of adapting to network environments of various sizes and types. PAN-OS integrates a variety of security features, including firewalls, intrusion detection and prevention, and virtual private networks, effectively safeguarding enterprise networks against a wide range of cyber threats. Additionally, PAN-OS offers an intuitive and user-friendly management interface along with robust analytical tools, enabling enterprise administrators to better manage and protect their networks.
Summary
On February 13, 2025, Sangfor FarSight Labs received notification that a Palo Alto Networks PAN-OS component contains an authentication bypass vulnerability (CVE-2025-0108), classified as high in threat level.
Unauthorized attackers can exploit this vulnerability to bypass the access restrictions on the management web interface and further execute arbitrary code via PHP scripts, leading to server compromise.
Affected Versions
PAN-OS 11.2 < 11.2.4-h4
PAN-OS 11.1 < 11.1.6-h1
PAN-OS 10.2 < 10.2.13-h3
PAN-OS 10.1 < 10.1.14-h9
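The following is an added example, not code from Sangfor or Palo Alto Networks: a small inventory triage that applies only the four thresholds listed above. It compares the maintenance and hotfix numbers numerically, so that `-h10` sorts after `-h9`. The function names and the sample hostnames and versions are constructed for illustration.

```python
import re

# Fixed-version thresholds copied from the "Affected Versions" list on this page.
FIXED = {
    (11, 2): (4, 4),   # 11.2.4-h4
    (11, 1): (6, 1),   # 11.1.6-h1
    (10, 2): (13, 3),  # 10.2.13-h3
    (10, 1): (14, 9),  # 10.1.14-h9
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_panos_version(text):
    """Return ((major, minor), (maintenance, hotfix)); a missing -hN counts as hotfix 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint = int(m.group(1)), int(m.group(2)), int(m.group(3))
    hotfix = int(m.group(4) or 0)
    return (major, minor), (maint, hotfix)

def classify(version):
    """Return 'affected', 'fixed', or 'unlisted' (release train not on this page)."""
    train, release = parse_panos_version(version)
    if train not in FIXED:
        return "unlisted"
    return "affected" if release < FIXED[train] else "fixed"

def triage(inventory):
    """Map each hostname to a status; unparsable strings are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "review"
    return result

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "fw-edge-01": "11.2.4-h3",
    "fw-edge-02": "11.2.4-h4",
    "fw-dc-01": "10.2.13",
    "fw-dc-02": "10.1.14-h10",
    "fw-lab-01": "11.0.6",
    "fw-lab-02": "10.2.x",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {status}")
```

Devices reported as "unlisted" or "review" are not covered by the list on this page and should be checked against the vendor advisory linked under Reference.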
Vulnerability Reproduction
This vulnerability has been reproduced by Sangfor FarSight Labs.

Solutions
Remediation Solutions
Official Solution
The vendor has officially released fixed versions for this vulnerability. Affected users are recommended to update Palo Alto Networks PAN-OS to one of the following versions:
PAN-OS 11.2.4-h4
PAN-OS 11.1.6-h1
PAN-OS 10.2.13-h3
PAN-OS 10.1.14-h9
Download link:
https://security.paloaltonetworks.com/CVE-2025-0108
Sangfor Solutions
Vulnerability Proactive Detection
Proactive detection is supported for the Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108), making it possible to quickly identify in batches whether vulnerability risks exist in business scenarios. Related products are as follows:
[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on February 17, 2025, with Rule ID: SF-0005-01002.
[Sangfor Omni-Command XDR] is expected to release a detection scheme on February 16, 2025, with Rule ID: SF-2025-01001.
Vulnerability Security Detection
Monitoring is supported for the Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108). Based on traffic collection, the condition of affected assets in business scenarios can be monitored in real time and the scope of impact checked quickly. Related products and services are as follows:
[Sangfor Cyber Command] is expected to release a monitoring scheme on February 21, 2025, with Rule ID: 11027454.
[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme on February 21, 2025 (requiring Cyber Command component capabilities), with Rule ID: 11027454.
[Sangfor Omni-Command XDR] is expected to release a monitoring scheme on February 21, 2025, with Rule ID: 11027454.
Security Protection
Defense is supported against the Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108), blocking attacker intrusions that target this vulnerability. Related products and services are as follows:
[Sangfor Network Secure] is expected to release a protection scheme on February 21, 2025, with Rule ID: 11027454.
[Sangfor WAF] is expected to release a protection scheme on February 21, 2025, with Rule ID: 11027454.
[Sangfor Cyber Guardian MDR] is expected to release a protection scheme (requiring Network Secure component capabilities) on February 21, 2025, with Rule ID: 11027454.
[Sangfor Omni-Command XDR] is expected to release a protection scheme (requiring Network Secure component capabilities) on February 21, 2025, with Rule ID: 11027454.
Timeline
On February 13, 2025, Sangfor FarSight Labs received notification of Palo Alto Networks PAN-OS Authentication Bypass Vulnerability.
On February 13, 2025, Sangfor FarSight Labs released a vulnerability alert.
Reference
https://security.paloaltonetworks.com/CVE-2025-0108