Palo Alto Networks released updates to fix a high-severity authentication bypass issue in the PAN-OS management interface, tracked as CVE-2025-0108, which could be leveraged to evade security defenses and trigger PHP scripts, reports SC Media.
Assetnote researchers discovered the vulnerability while evaluating patches for actively exploited PAN-OS bugs, tracked as CVE-2024-0012 and CVE-2024-9474. The vulnerability stems from a path confusion bug between the PAN-OS management interface's Nginx and Apache components.
Discrepancies between Apache's and Nginx's interpretation of web requests could be exploited through the delivery of requests with various encoding layers that would allow Nginx to deactivate the "X-pan-AuthCheck" header while Apache performs renormalization, according to researchers.
However, Palo Alto Networks disclosed that PAN-OS management interface access restrictions to whitelisted IP addresses significantly reduce the severity of the security issue as attackers would be required to take over trusted IP addresses prior to facilitating the exploit compromise.
