Discovery of CVE-2025-0108 came from post-patch analysis of CVE-2024-9474, a medium-severity flaw (CVSS 6.9/10) that was actively exploited in November. At the time, attackers were seen chaining CVE-2024-9474 with another important authentication bypass vulnerability (CVE-2024-0012) affecting PAN-OS; together, the two allowed remote code execution on compromised systems.
Now threat actors are chaining CVE-2025-0108 and CVE-2024-9474 with a high-severity flaw (CVE-2025-0111) for unauthorized root-level access to vulnerable systems, potentially allowing extraction of sensitive configuration data and user credentials.
All three vulnerabilities affect PAN-OS versions 10.1, 10.2, 11.1, and 11.2, and each has received a patch. Palo Alto Networks confirmed that its Cloud NGFW and Prisma Access services are not impacted.