谷歌的 Project Zero 和 Mandiant 网络安全团队近日联合发布了针对 Palo Alto Networks PAN-OS OpenConfig 插件中的一个高严重性命令注入漏洞（CVE-2025-0110）的概念验证（PoC）代码。该漏洞经身份验证的管理员能够通过伪造的 gNMI 请求在防火墙上执行任意命令，并提升权限至 root 访问级别。

Palo Alto Networks PAN-OS软件中一个上周刚修补的高严重性认证绕过漏洞，目前正被威胁攻击者积极利用，以获得受影响防火墙系统的root级别访问权限。 该漏洞被追踪为CVE-2025-0108，允许未经认证的攻击者通过网络访问PAN ...

Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.

"Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces," it was said in the security ...

The US cybersecurity giant says hackers are exploiting the high-severity flaw to break into unpatched customer networks.

Use precise geolocation data and actively scan device characteristics for identification. This is done to store and access ...

The US IT security authority CISA warns of attacks on security vulnerabilities in Craft CMS and in Palo Alto Network's firewall operating system PAN-OS. Updates are available for the attacked ...

There are security gaps in the PAN-OS operating system for firewalls from Palo Alto Networks. Exploit code already exists for ...

A recently disclosed medium-severity bug was chained with critical, older bugs to gain root-level access to PAN firewall ...

Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS ...

Palo Alto Networks has acknowledged that some of its next-generation firewalls running the PAN-OS operating system are ...

The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.