Palo Alto Networks has disclosed a zero-day PAN-OS authentication bypass vulnerability, tracked as CVE-2025-010. The flaw allows attackers to access certain PHP scripts on the management web interface without authentication. It has been assigned a CVSS score of 8.8 and affects multiple PAN-OS versions.
Vulnerability Overview
The issue stems from missing authentication controls in the web interface. An attacker with network access to an affected PAN-OS system can exploit this flaw to bypass authentication on the management web interface. While this does not allow remote code execution, it can compromise system integrity and expose sensitive information.
This vulnerability is categorized as:
- CWE-306: Missing Authentication for Critical Function
- CAPEC-115: Authentication Bypass
Palo Alto Networks has confirmed that Cloud NGFW and Prisma Access solutions are not impacted.
Impacted PAN-OS Versions
| PAN-OS Version | Affected Versions | Unaffected Versions |
|---|---|---|
| 11.2 | < 11.2.4-h4 | >= 11.2.4-h4 |
| 11.1 | < 11.1.6-h1 | >= 11.1.6-h1 |
| 10.2 | < 10.2.13-h3 | >= 10.2.13-h3 |
| 10.1 | < 10.1.14-h9 | >= 10.1.14-h9 |
PAN-OS 11.0 has reached end-of-life (EOL) as of November 17, 2024, and will not receive security patches.
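The table above can be applied to a firewall inventory mechanically. The following is an added example, not code from Palo Alto Networks: it assumes version strings of the form `MAJOR.MINOR.MAINT` with an optional `-hN` hotfix suffix, uses constructed hostnames and versions, and reports release trains the table does not list as `not-listed` rather than guessing.

```python
import re

# Fixed builds per release train, copied from the table above: (maintenance, hotfix).
FIXED = {
    (11, 2): (4, 4),   # 11.2.4-h4
    (11, 1): (6, 1),   # 11.1.6-h1
    (10, 2): (13, 3),  # 10.2.13-h3
    (10, 1): (14, 9),  # 10.1.14-h9
}
EOL_TRAINS = {(11, 0)}  # end-of-life, will not receive security patches
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")  # assumed format

def parse_panos_version(text):
    """Split 'MAJOR.MINOR.MAINT[-hN]' into four integers (hotfix 0 if absent)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def classify(version):
    """Return 'affected', 'fixed', 'eol' or 'not-listed' for one version string."""
    major, minor, maint, hotfix = parse_panos_version(version)
    train = (major, minor)
    if train in EOL_TRAINS:
        return "eol"
    if train not in FIXED:
        return "not-listed"
    return "affected" if (maint, hotfix) < FIXED[train] else "fixed"

def triage(inventory):
    """Map each hostname to its status; unparseable versions become 'unparsed'."""
    report = {}
    for host, version in inventory:
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = [
    ("fw-edge-01", "11.2.4-h3"),
    ("fw-edge-02", "11.2.4-h4"),
    ("fw-dc-01", "10.2.13"),
    ("fw-lab-01", "11.0.6"),
    ("fw-lab-02", "9.1.16-h5"),
    ("fw-lab-03", "unknown"),
]
```

Calling `triage(SAMPLE)` flags `fw-edge-01` and `fw-dc-01` as affected; a base release such as 10.2.13 sorts below its own hotfix 10.2.13-h3, which a plain string comparison would get wrong.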
Risk and Mitigation
The highest risk exists for systems where the management web interface is accessible from untrusted networks or the internet. Palo Alto Networks advises:
- Update affected systems to the latest fixed versions.
- Restrict access to the web interface, allowing only trusted internal IPs.
- Use a jump box as an intermediary for secure management access.
- Enable Threat IDs 510000 and 510001 (via a Threat Prevention subscription) to detect and block attack attempts.
Current Exploitation Status
While there are no confirmed exploits in the wild, Palo Alto Networks urges immediate action to prevent potential attacks. Security teams can review vulnerable assets in the Customer Support Portal, where affected devices will be labeled PAN-SA-2024-0015.