CWE-287

PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)

Severity: Critical

Summary

A vulnerability exists in the PAN-OS management interface because Nginx and Apache process request paths differently. This path confusion weakness can be exploited with double URL encoding combined with directory traversal, bypassing the authentication checks enforced through the X-pan-AuthCheck header. A successful exploit grants unauthorized access to the administrative interface and can compromise the firewall management system.
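As an added detection example (not Palo Alto's or Invicti's code): a scan over web access logs that percent-decodes each request path until it stops changing and flags directory traversal, distinguishing traversal that only emerges after a second decoding round, which is the double-encoding pattern behind the path confusion described above. The sample log lines and the /mgmt/ path prefix are constructed placeholders, not real PAN-OS paths.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines; the /mgmt/ prefix is a placeholder.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2025:10:00:01 +0000] "GET /mgmt/login HTTP/1.1" 200 512
203.0.113.11 - - [10/Feb/2025:10:00:02 +0000] "GET /mgmt/public/%252e%252e/admin/config HTTP/1.1" 200 2048
203.0.113.12 - - [10/Feb/2025:10:00:03 +0000] "GET /mgmt/public/../admin/config HTTP/1.1" 403 0
203.0.113.13 - - [10/Feb/2025:10:00:04 +0000] "GET /mgmt/public/%2e%2e/admin/config HTTP/1.1" 403 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")

def fully_decode(path, max_rounds=3):
    """Percent-decode until stable; return (decoded_path, rounds).
    Two or more rounds means double encoding: a front end that decodes once
    and a back end that decodes again disagree on the requested resource,
    the path-confusion condition described in the advisory."""
    current = path.split("?", 1)[0]
    rounds = 0
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current, rounds = decoded, rounds + 1
    return current, rounds

def classify(path):
    """Label a request path: plain/encoded/double-encoded traversal, or ""."""
    decoded, rounds = fully_decode(path)
    if not TRAVERSAL_RE.search(decoded):
        return ""
    if rounds >= 2:
        return "double-encoded-traversal"
    return "encoded-traversal" if rounds == 1 else "plain-traversal"

def scan_log(text):
    """Return (client_ip, raw_path, label) for every flagged request line."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m and (label := classify(m.group("path"))):
            findings.append((line.split()[0], m.group("path"), label))
    return findings

if __name__ == "__main__":
    for ip, path, label in scan_log(SAMPLE_LOG):
        print(f"{label:26} {ip:15} {path}")
```

A request that is benign after one decoding round but contains traversal after a second is the case a single-pass normalizer misses, so the "double-encoded-traversal" label is the one worth alerting on.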

Impact

An unauthenticated attacker can gain administrative access to PAN-OS, compromising network security.

Remediation

Upgrade to the latest version of Palo Alto PAN-OS.
