U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall devices to break into unpatched customer networks.
Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday.
Cybersecurity company Assetnote first discovered the vulnerability, tracked as CVE-2025-0108, earlier this month while analyzing two earlier Palo Alto firewall vulnerabilities that had been used in previous attacks.
Palo Alto Networks released an advisory on the same day and urged customers to urgently patch against the latest bug. The company updated its advisory on Tuesday to warn that the vulnerability is under active attack.
The company said malicious attackers are chaining the vulnerability with two previously disclosed flaws, CVE-2024-9474 and CVE-2025-0111, to target unpatched and unsecured PAN-OS web management interfaces. CVE-2024-9474 has been exploited in attacks since November 2024, as we previously reported.
Palo Alto Networks hasn’t explained how the three vulnerabilities are being chained together by hackers, but noted that the complexity of the attack is “low.”
The scale of the exploitation isn’t yet known, but threat intelligence startup GreyNoise said in a blog post on Tuesday that it has observed 25 IP addresses actively exploiting the PAN-OS vulnerability, up from two IP addresses on February 13, suggesting an uptick in exploitation activity. The exploitation attempts were flagged by GreyNoise as “malicious,” suggesting that threat actors are behind the exploitation rather than security researchers.
“This high-severity flaw permits unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems,” GreyNoise said.
GreyNoise says it has observed the highest levels of attack traffic in the U.S., Germany, and the Netherlands.
It’s not known who is behind these attacks, or whether any sensitive data has been stolen from customers’ networks. Palo Alto Networks didn’t immediately respond to techmim’s questions.
CISA, the U.S. government’s cybersecurity agency, added the latest Palo Alto bug to its publicly listed Known Exploited Vulnerabilities (KEV) catalog on Tuesday.