U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks.
Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday.
Cybersecurity firm Assetnote first discovered the vulnerability, tracked as CVE-2025-0108, earlier this month while analyzing two earlier Palo Alto firewall vulnerabilities that had been used in earlier attacks.
Palo Alto Networks released an advisory on the same day and urged customers to urgently patch against the latest bug. The company updated its advisory on Tuesday to warn that the vulnerability is under active attack.
The company said malicious attackers are chaining the vulnerability with two previously disclosed flaws (CVE-2024-9474 and CVE-2025-0111) to target unpatched and unsecured PAN-OS web management interfaces. CVE-2024-9474 has been exploited in attacks since November 2024, as we previously reported.
Palo Alto Networks hasn’t explained how the three vulnerabilities are being chained together by hackers, but noted that the complexity of the attack is “low.”
The scale of the exploitation is not yet known, but threat intelligence startup GreyNoise said in a blog post on Tuesday that it has observed 25 IP addresses actively exploiting the PAN-OS vulnerability, up from two IP addresses on February 13, suggesting an uptick in exploitation activity. The exploitation attempts have been flagged by GreyNoise as “malicious,” suggesting that threat actors are behind the exploitation rather than security researchers.
“This high-severity flaw permits unauthenticated attackers to execute particular PHP scripts, probably resulting in unauthorized access to vulnerable systems,” GreyNoise said.
GreyNoise says it has observed the highest levels of attack traffic in the U.S., Germany, and the Netherlands.
It’s not known who is behind these attacks, or whether any sensitive data has been stolen from customers’ networks. Palo Alto Networks did not immediately respond to TechCrunch’s questions.
CISA, the U.S. government’s cybersecurity agency, added the latest Palo Alto bug to its publicly listed Known Exploited Vulnerabilities (KEV) catalog on Tuesday.

