The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Tuesday added two safety flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.
The issues are listed beneath –
- CVE-2025-0108 (CVSS rating: 7.8) – An authentication bypass vulnerability within the Palo Alto Networks PAN-OS administration internet interface that enables an unauthenticated attacker with community entry to the administration internet interface to bypass the authentication usually required and invoke sure PHP scripts
- CVE-2024-53704 (CVSS rating: 8.2) – An improper authentication vulnerability within the SSLVPN authentication mechanism that enables a distant attacker to bypass authentication
Palo Alto Networks has since confirmed to The Hacker Information that it has noticed energetic exploitation makes an attempt towards CVE-2025-0108, with the corporate noting that it might be chained with different vulnerabilities like CVE-2024-9474 to permit unauthorized entry to unpatched and unsecured firewalls.
“Palo Alto Networks has noticed exploit makes an attempt chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS internet administration interfaces,” it stated in an up to date advisory.
Risk intelligence agency GreyNoise stated as many as 25 malicious IP addresses are actively exploiting CVE-2025-0108, with the quantity of attacker exercise surging 10 instances because it was detected almost per week in the past. The highest three sources of assault site visitors are the US, Germany, and the Netherlands.
As for CVE-2024-53704, cybersecurity firm Arctic Wolf revealed that risk actors are weaponizing the flaw shortly after a proof-of-concept (PoC) was made accessible by Bishop Fox.
In mild of energetic exploitation, Federal Civilian Govt Department (FCEB) companies are required to remediate the recognized vulnerabilities by March 11, 2025, to safe their networks.