CVE-2025-0108
12.02.2025, 21:15
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.Enginsight
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 10.1.0 ≤ 𝑥 < 10.1.14 |
| paloaltonetworks | pan-os | 10.2.0 ≤ 𝑥 < 10.2.7 |
| paloaltonetworks | pan-os | 10.2.10 ≤ 𝑥 < 10.2.12 |
| paloaltonetworks | pan-os | 11.2.0 ≤ 𝑥 < 11.2.4 |
| paloaltonetworks | pan-os | 10.1.14 |
| paloaltonetworks | pan-os | 10.1.14:h1 |
| paloaltonetworks | pan-os | 10.1.14:h2 |
| paloaltonetworks | pan-os | 10.1.14:h3 |
| paloaltonetworks | pan-os | 10.1.14:h4 |
| paloaltonetworks | pan-os | 10.1.14:h5 |
| paloaltonetworks | pan-os | 10.1.14:h6 |
| paloaltonetworks | pan-os | 10.1.14:h7 |
| paloaltonetworks | pan-os | 10.1.14:h8 |
| paloaltonetworks | pan-os | 10.2.7 |
| paloaltonetworks | pan-os | 10.2.7:h1 |
| paloaltonetworks | pan-os | 10.2.7:h10 |
| paloaltonetworks | pan-os | 10.2.7:h11 |
| paloaltonetworks | pan-os | 10.2.7:h12 |
| paloaltonetworks | pan-os | 10.2.7:h13 |
| paloaltonetworks | pan-os | 10.2.7:h14 |
| paloaltonetworks | pan-os | 10.2.7:h15 |
| paloaltonetworks | pan-os | 10.2.7:h16 |
| paloaltonetworks | pan-os | 10.2.7:h17 |
| paloaltonetworks | pan-os | 10.2.7:h18 |
| paloaltonetworks | pan-os | 10.2.7:h19 |
| paloaltonetworks | pan-os | 10.2.7:h2 |
| paloaltonetworks | pan-os | 10.2.7:h20 |
| paloaltonetworks | pan-os | 10.2.7:h21 |
| paloaltonetworks | pan-os | 10.2.7:h22 |
| paloaltonetworks | pan-os | 10.2.7:h23 |
| paloaltonetworks | pan-os | 10.2.7:h3 |
| paloaltonetworks | pan-os | 10.2.7:h4 |
| paloaltonetworks | pan-os | 10.2.7:h5 |
| paloaltonetworks | pan-os | 10.2.7:h6 |
| paloaltonetworks | pan-os | 10.2.7:h7 |
| paloaltonetworks | pan-os | 10.2.7:h8 |
| paloaltonetworks | pan-os | 10.2.7:h9 |
| paloaltonetworks | pan-os | 10.2.8 |
| paloaltonetworks | pan-os | 10.2.8 |
| paloaltonetworks | pan-os | 10.2.8:h1 |
| paloaltonetworks | pan-os | 10.2.8:h10 |
| paloaltonetworks | pan-os | 10.2.8:h11 |
| paloaltonetworks | pan-os | 10.2.8:h12 |
| paloaltonetworks | pan-os | 10.2.8:h13 |
| paloaltonetworks | pan-os | 10.2.8:h14 |
| paloaltonetworks | pan-os | 10.2.8:h15 |
| paloaltonetworks | pan-os | 10.2.8:h16 |
| paloaltonetworks | pan-os | 10.2.8:h17 |
| paloaltonetworks | pan-os | 10.2.8:h18 |
| paloaltonetworks | pan-os | 10.2.8:h19 |
| paloaltonetworks | pan-os | 10.2.8:h2 |
| paloaltonetworks | pan-os | 10.2.8:h20 |
| paloaltonetworks | pan-os | 10.2.8:h3 |
| paloaltonetworks | pan-os | 10.2.8:h4 |
| paloaltonetworks | pan-os | 10.2.8:h5 |
| paloaltonetworks | pan-os | 10.2.8:h6 |
| paloaltonetworks | pan-os | 10.2.8:h7 |
| paloaltonetworks | pan-os | 10.2.8:h8 |
| paloaltonetworks | pan-os | 10.2.8:h9 |
| paloaltonetworks | pan-os | 10.2.9 |
| paloaltonetworks | pan-os | 10.2.9:h1 |
| paloaltonetworks | pan-os | 10.2.9:h11 |
| paloaltonetworks | pan-os | 10.2.9:h12 |
| paloaltonetworks | pan-os | 10.2.9:h13 |
| paloaltonetworks | pan-os | 10.2.9:h14 |
| paloaltonetworks | pan-os | 10.2.9:h15 |
| paloaltonetworks | pan-os | 10.2.9:h16 |
| paloaltonetworks | pan-os | 10.2.9:h17 |
| paloaltonetworks | pan-os | 10.2.9:h18 |
| paloaltonetworks | pan-os | 10.2.9:h19 |
| paloaltonetworks | pan-os | 10.2.9:h2 |
| paloaltonetworks | pan-os | 10.2.9:h20 |
| paloaltonetworks | pan-os | 10.2.9:h3 |
| paloaltonetworks | pan-os | 10.2.9:h4 |
| paloaltonetworks | pan-os | 10.2.9:h5 |
| paloaltonetworks | pan-os | 10.2.9:h6 |
| paloaltonetworks | pan-os | 10.2.9:h7 |
| paloaltonetworks | pan-os | 10.2.9:h8 |
| paloaltonetworks | pan-os | 10.2.9:h9 |
| paloaltonetworks | pan-os | 10.2.10:h1 |
| paloaltonetworks | pan-os | 10.2.10:h10 |
| paloaltonetworks | pan-os | 10.2.10:h11 |
| paloaltonetworks | pan-os | 10.2.10:h12 |
| paloaltonetworks | pan-os | 10.2.10:h13 |
| paloaltonetworks | pan-os | 10.2.10:h14 |
| paloaltonetworks | pan-os | 10.2.10:h2 |
| paloaltonetworks | pan-os | 10.2.10:h3 |
| paloaltonetworks | pan-os | 10.2.10:h4 |
| paloaltonetworks | pan-os | 10.2.10:h5 |
| paloaltonetworks | pan-os | 10.2.10:h6 |
| paloaltonetworks | pan-os | 10.2.10:h7 |
| paloaltonetworks | pan-os | 10.2.10:h8 |
| paloaltonetworks | pan-os | 10.2.10:h9 |
| paloaltonetworks | pan-os | 10.2.11:h1 |
| paloaltonetworks | pan-os | 10.2.11:h10 |
| paloaltonetworks | pan-os | 10.2.11:h11 |
| paloaltonetworks | pan-os | 10.2.11:h2 |
| paloaltonetworks | pan-os | 10.2.11:h3 |
| paloaltonetworks | pan-os | 10.2.11:h4 |
| paloaltonetworks | pan-os | 10.2.11:h5 |
| paloaltonetworks | pan-os | 10.2.11:h6 |
| paloaltonetworks | pan-os | 10.2.11:h7 |
| paloaltonetworks | pan-os | 10.2.11:h8 |
| paloaltonetworks | pan-os | 10.2.11:h9 |
| paloaltonetworks | pan-os | 10.2.12 |
| paloaltonetworks | pan-os | 10.2.12:h1 |
| paloaltonetworks | pan-os | 10.2.12:h2 |
| paloaltonetworks | pan-os | 10.2.12:h3 |
| paloaltonetworks | pan-os | 10.2.12:h4 |
| paloaltonetworks | pan-os | 10.2.12:h5 |
| paloaltonetworks | pan-os | 10.2.13 |
| paloaltonetworks | pan-os | 10.2.13:h1 |
| paloaltonetworks | pan-os | 10.2.13:h2 |
| paloaltonetworks | pan-os | 11.1.0 |
| paloaltonetworks | pan-os | 11.1.1 |
| paloaltonetworks | pan-os | 11.1.2 |
| paloaltonetworks | pan-os | 11.1.2:h1 |
| paloaltonetworks | pan-os | 11.1.2:h10 |
| paloaltonetworks | pan-os | 11.1.2:h11 |
| paloaltonetworks | pan-os | 11.1.2:h12 |
| paloaltonetworks | pan-os | 11.1.2:h13 |
| paloaltonetworks | pan-os | 11.1.2:h14 |
| paloaltonetworks | pan-os | 11.1.2:h15 |
| paloaltonetworks | pan-os | 11.1.2:h16 |
| paloaltonetworks | pan-os | 11.1.2:h17 |
| paloaltonetworks | pan-os | 11.1.2:h2 |
| paloaltonetworks | pan-os | 11.1.2:h3 |
| paloaltonetworks | pan-os | 11.1.2:h4 |
| paloaltonetworks | pan-os | 11.1.2:h5 |
| paloaltonetworks | pan-os | 11.1.2:h6 |
| paloaltonetworks | pan-os | 11.1.2:h7 |
| paloaltonetworks | pan-os | 11.1.2:h8 |
| paloaltonetworks | pan-os | 11.1.2:h9 |
| paloaltonetworks | pan-os | 11.1.3 |
| paloaltonetworks | pan-os | 11.1.4 |
| paloaltonetworks | pan-os | 11.1.4:h1 |
| paloaltonetworks | pan-os | 11.1.4:h10 |
| paloaltonetworks | pan-os | 11.1.4:h11 |
| paloaltonetworks | pan-os | 11.1.4:h12 |
| paloaltonetworks | pan-os | 11.1.4:h2 |
| paloaltonetworks | pan-os | 11.1.4:h3 |
| paloaltonetworks | pan-os | 11.1.4:h4 |
| paloaltonetworks | pan-os | 11.1.4:h5 |
| paloaltonetworks | pan-os | 11.1.4:h6 |
| paloaltonetworks | pan-os | 11.1.4:h7 |
| paloaltonetworks | pan-os | 11.1.4:h8 |
| paloaltonetworks | pan-os | 11.1.4:h9 |
| paloaltonetworks | pan-os | 11.1.5 |
| paloaltonetworks | pan-os | 11.1.6 |
| paloaltonetworks | pan-os | 11.2.4 |
| paloaltonetworks | pan-os | 11.2.4:h1 |
| paloaltonetworks | pan-os | 11.2.4:h2 |
| paloaltonetworks | pan-os | 11.2.4:h3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References