Description

A vulnerability exists in the PAN-OS management interface due to discrepancies in path processing between Nginx and Apache. The flaw allows an attacker to exploit a path confusion weakness using double URL encoding combined with directory traversal. This bypasses authentication checks enforced by the X-pan-AuthCheck header. A successful exploit grants unauthorized access to the administrative interface, potentially compromising the firewall management system.

Remediation

Upgrade to the latest version of Palo Alto PAN-OS.

References

Technical Analysis of PAN-OS Authentication Bypass (CVE-2025-0108)

CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)

MySQL CVE-2021-2048 Vulnerability (CVE-2021-2048)

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)

WebLogic CVE-2022-21257 Vulnerability (CVE-2022-21257)

Severity

Critical

Classification

CVE-2025-0108 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass Known Vulnerabilities Code Execution