Palo Alto warns another major firewall hack has been detected

Palo Alto Networks is warning of an ongoing attack against its firewalls
The threat actors are chaining multiple flaws together
The goal is to download configuration files

Palo Alto Networks has warned its users of an ongoing attack that chains multiple vulnerabilities together to download configuration files and other sensitive information.

The cybersecurity company warned its users about CVE-2025-0111, a 7.1/10 (high-severity) file read vulnerability plaguing PAN-OS firewalls. This bug allows an authenticated attacker with network access to access the management web interface and read files usually readable by the “nobody” user.

The bug was fixed on February 12, 2025, when Palo Alto released a fix and urged users to apply it.

Diversion

On the same day, the company addressed a separate vulnerability, tracked as CVE-2025-0108. This one is an authentication bypass in PAN-OS that enables an unauthenticated attacker with network access to the web interface to bypass the authentication otherwise required by the PAN-OS interface, and invoke certain PHP scripts.

Finally, in mid-November 2024, Palo Alto fixed a privilege escalation bug tracked as CVE-20204-9474. Now, researchers are saying that these three are being chained together in ongoing attacks.

“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” it was said in the security advisory.

The company did not discuss the details of the attack, but BleepingComputer found that they are being used to download configuration files and other sensitive information.

So far, at least 25 different IP addresses were observed targeting CVE-2025-0108, up from just two a week ago. The top sources of the attacks seem to be the US, Germany, and the Netherlands, although this doesn’t necessarily mean the threat actors are located there.

While the community rushes to apply the patch and mitigate potential risks, the US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-0108 to its ‘Known Exploited Vulnerabilities’ (KEV) catalog, giving users until March 11 to patch up.

https://cdn.mos.cms.futurecdn.net/aUnasGQ8hmeK7522DmUfQh-1200-80.jpg

Source link

I just tested the new WordPress AI website builder and I’m surprised others don’t like it

Enjoy 10% off any LegalZoom product or service with with our exclusive code

De’Longhi’s smart espresso machine learns what type of coffee you enjoy, and when you want to drink it

World Password Day top deals: Early offers from trusted password managers

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

J&E Davy trades Dalata Hotel shares ahead of takeover

German economy grew by 0.2% in first quarter

German unemployment rate rises to decade high

French consumer prices rise more than expected in April

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Palo Alto warns another major firewall hack has been detected

J&E Davy trades Dalata Hotel shares ahead of takeover

I just tested the new WordPress AI website builder and I’m surprised others don’t like it

German economy grew by 0.2% in first quarter

German unemployment rate rises to decade high