Description
A vulnerability exists in the PAN-OS management interface due to discrepancies in path processing between Nginx and Apache. The flaw allows an attacker to exploit a path confusion weakness using double URL encoding combined with directory traversal. This bypasses authentication checks enforced by the X-pan-AuthCheck header. A successful exploit grants unauthorized access to the administrative interface, potentially compromising the firewall management system.
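A defender-side check for the request pattern this description names, added here as an illustration and not code from this page or from Palo Alto Networks: it percent-decodes a logged request path repeatedly, models a front end that decodes once against a backend that decodes fully, and flags requests where the two layers would resolve different resources or where the fully decoded path contains traversal segments. The log lines, the paths in them and the one-round-versus-full decoding model are constructed assumptions, not PAN-OS's actual Nginx/Apache behaviour.

```python
from urllib.parse import unquote
import posixpath

# Constructed sample access-log lines (method, raw request path, status); not from any real system.
SAMPLE_LOG = [
    "GET /login/index.html 200",
    "GET /static/%2e%2e/app.js 403",
    "GET /public/%252e%252e/%252e%252e/restricted/admin.php 200",
    "GET /help/docs%252fguide.html 200",
]

def decode_rounds(path, max_rounds=4):
    """Successive percent-decodings of path until it stops changing (index 0 is the raw path)."""
    rounds = [path]
    for _ in range(max_rounds):
        nxt = unquote(rounds[-1])
        if nxt == rounds[-1]:
            break
        rounds.append(nxt)
    return rounds

def normalize(path):
    """Collapse '.' and '..' segments the way a filesystem-backed handler would, staying rooted at '/'."""
    norm = posixpath.normpath(path)
    return norm if norm.startswith("/") else "/" + norm

def analyze_path(raw_path):
    """Compare the resource a single-decoding front end sees with what a fully-decoding backend sees."""
    rounds = decode_rounds(raw_path)
    once = rounds[1] if len(rounds) > 1 else rounds[0]  # assumed model: front end decodes once
    fully = rounds[-1]                                   # assumed model: backend keeps decoding
    front_view, back_view = normalize(once), normalize(fully)
    double_encoded = len(rounds) > 2
    return {
        "double_encoded": double_encoded,
        "traversal": ".." in fully.split("/"),
        # The two layers would route/authorize different resources: the path-confusion signal.
        "path_confusion": double_encoded and front_view != back_view,
        "back_view": back_view,
    }

def scan_log(lines):
    """Return (raw_path, findings) for requests showing traversal or path confusion."""
    hits = []
    for line in lines:
        parts = line.split()
        findings = analyze_path(parts[1]) if len(parts) > 1 else None
        if findings and (findings["traversal"] or findings["path_confusion"]):
            hits.append((parts[1], findings))
    return hits
```

Alerting on `path_confusion` alone catches double-encoded requests that never spell out `..`, while `back_view` tells the analyst which resource the backend would actually have served.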
Remediation
Upgrade to the latest version of Palo Alto PAN-OS.
References
Technical Analysis of PAN-OS Authentication Bypass (CVE-2025-0108)
CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface