Palo Alto Networks Firewall Vulnerabilities Under Active Exploitation

Hackers are chaining three flaws in PAN-OS to gain root access, prompting urgent patch advisories.

Three vulnerabilities in Palo Alto Networks' PAN-OS software (CVE-2025-0108, CVE-2024-9474, and CVE-2025-0111) are being actively exploited in combination to breach firewalls.
The flaws allow attackers to bypass authentication, escalate privileges, and read sensitive files, potentially leading to full root access on unpatched systems.
Threat intelligence firm GreyNoise has observed an increase in exploitation attempts, with activity rising from two to 25 IP addresses targeting the vulnerabilities.
Palo Alto Networks has urged customers to immediately apply patches released on February 12, 2025, for PAN-OS versions 10.1 through 11.2.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-0108 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by March 11, 2025.