Description
A vulnerability exists in the PAN-OS management interface due to discrepancies in path processing between Nginx and Apache. The flaw allows an attacker to exploit a path confusion weakness using double URL encoding combined with directory traversal. This bypasses authentication checks enforced by the X-pan-AuthCheck header. A successful exploit grants unauthorized access to the administrative interface, potentially compromising the firewall management system.
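For detection, the encoding pattern described above can be looked for in front-end access logs. The following is an added example, not code from this advisory or from Palo Alto Networks: it decodes each request path once and twice and flags paths where a `..` segment only appears after the second decode. The log format, sample paths, and function names are constructed assumptions, and it matches the general pattern rather than any specific PAN-OS URL.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines; addresses are documentation ranges, paths are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /static/css/app.css HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:01 +0000] "GET /static/%252e%252e/private/page.php HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2025:10:00:02 +0000] "GET /static/%2e%2e/private/page.php HTTP/1.1" 403 0',
    '192.0.2.13 - - [01/Jan/2025:10:00:03 +0000] "GET /files/report%2520final.pdf HTTP/1.1" 200 900',
    '192.0.2.14 - - [01/Jan/2025:10:00:04 +0000] "GET /search?q=..%252f HTTP/1.1" 200 90',
]

def has_dotdot(path):
    """True if any path segment is exactly '..' (forward or back slash)."""
    return ".." in re.split(r"[/\\]", path)

def classify(target):
    """Return a verdict for a request target, or None if nothing stands out."""
    raw_path = target.split("?", 1)[0]      # only the path takes part in routing
    once = unquote(raw_path)                # what a single-decoding component sees
    twice = unquote(once)                   # what a component that decodes again sees
    if has_dotdot(once):
        return "traversal"
    if has_dotdot(twice):
        return "double-encoded-traversal"   # hidden from the first decoder
    if twice != once:
        return "double-encoded"             # unusual, worth a look, no traversal
    return None

def scan(lines):
    """Return (line_number, verdict, target) for every flagged log line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        verdict = classify(match.group("target"))
        if verdict:
            findings.append((number, verdict, match.group("target")))
    return findings

if __name__ == "__main__":
    for number, verdict, target in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {target}")
```

A `double-encoded-traversal` hit answered with a 200 status on a management interface is the case to triage first.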
Remediation
Upgrade to the latest version of Palo Alto PAN-OS.
References
Technical Analysis of PAN-OS Authentication Bypass (CVE-2025-0108)
CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface