GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

GreyNoise has observed active exploitation attempts targeting a newly disclosed authentication bypass vulnerability, CVE-2025-0108, affecting Palo Alto Networks PAN-OS. This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems.

Active Exploitation Detected in the Wild

GreyNoise can confirm active exploitation of CVE-2025-0108.

Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted and take immediate steps to secure them.

‍

VIEW LIVE EXPLOITATION ACTIVITY

‍

‍

Mitigation Steps: Act Now

Defenders should take the following steps immediately:

Apply security patches for PAN-OS as soon as possible.
Restrict access to firewall management interfaces — ensure they are not publicly exposed.
Monitor active exploitation trends with GreyNoise’s CVE-2025-0108 tag.

GreyNoise will continue tracking this threat as it evolves. Stay ahead of exploitation attempts by leveraging GreyNoise’s real-time intelligence.

‍

BLOCK MALICIOUS IPs

‍

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.

Read the full report

GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

Active Exploitation Detected in the Wild

Mitigation Steps: Act Now

Get the latest blog articles delivered right to your inbox.

Related content

GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

New Exploitation Surge: Attackers Target ThinkPHP and ownCloud Flaws at Scale

Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)