Admins with firewalls from Palo Alto Networks should make sure the devices are fully patched and the management interface blocked from open internet access after the discovery this week of a zero-day login authentication bypass in the PAN-OS operating system.
The discovery of the vulnerability (CVE-2025-0108) was made by researchers at Assetnote and, according to researchers at Greynoise, is already being exploited.
For its part, Palo Alto Networks (PAN) said administrators can “greatly reduce the risk” of exploitation by restricting access to the management web interface to only trusted internal IP addresses, according to its recommended best practices deployment guidelines. “This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses,” the company said.