CISA Flags Palo Alto Networks and SonicWall Flaws as Actively Exploited



CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog. The inclusion is based on confirmed evidence of active exploitation.


Details of the Vulnerabilities

The following flaws have been identified:

  • CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface. This flaw allows an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke specific PHP scripts.

  • CVE-2024-53704 (CVSS score: 8.2) – An improper authentication vulnerability in the SSLVPN authentication mechanism of SonicWall SonicOS. This vulnerability enables a remote attacker to bypass authentication and gain unauthorized access.

Active Exploitation and Threat Landscape

Palo Alto Networks has confirmed to The Hacker News that CVE-2025-0108 is being actively exploited. Attackers have been observed chaining this flaw with other vulnerabilities such as CVE-2024-9474 and CVE-2025-0111 to gain unauthorized access to unpatched and unsecured firewalls.

Threat intelligence firm GreyNoise has reported that 25 malicious IP addresses are currently exploiting CVE-2025-0108. The number of attack attempts has surged tenfold since the vulnerability was first detected. The top three sources of attack traffic are the United States, Germany, and the Netherlands.

Meanwhile, Arctic Wolf has disclosed that CVE-2024-53704 is also being weaponized. The exploitation of this vulnerability accelerated following the release of a proof-of-concept (PoC) by security research firm Bishop Fox.

Federal Mandate for Remediation

Given the active exploitation, the U.S. government has mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by March 11, 2025, to safeguard their networks.

Organizations using Palo Alto Networks PAN-OS and SonicWall SonicOS are strongly advised to apply the necessary patches immediately and implement additional security measures to mitigate potential threats.
