Palo Alto Networks has discovered active exploitation of multiple security vulnerabilities that give attackers root-level access to its firewall systems. The company recently patched a high-severity authentication bypass flaw (CVE-2025-0108) that hackers are now combining with older vulnerabilities to compromise firewall defenses.
The authentication bypass vulnerability allows unauthorized users to access the PAN-OS management web interface if it is exposed to the internet. The flaw is rated 8.8 out of 10 in severity when the management interface is publicly accessible; the rating drops to 5.9 when access is limited to trusted IP addresses.
Attackers are exploiting this flaw alongside two previously known vulnerabilities - CVE-2024-9474 and CVE-2025-0111. By chaining these bugs together, malicious actors can gain root-level system access, potentially exposing sensitive configuration data and user credentials.
The affected software versions include PAN-OS 10.1, 10.2, 11.1, and 11.2. The company's Cloud NGFW and Prisma Access services remain unaffected by these vulnerabilities.
To protect systems, administrators should immediately apply available patches and restrict management interface access to trusted internal IP addresses only. Organizations with Threat Prevention subscriptions can enable specific threat IDs to block exploitation attempts.
This incident follows a similar attack pattern from November 2023, when hackers exploited CVE-2024-9474 in combination with another critical authentication bypass vulnerability to execute malicious code on compromised systems.