The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog and Common Vulnerabilities and Exposures, warning organizations about active cyber attacks targeting Palo Alto Networks and SonicWall products.
These vulnerabilities, which cybercriminals are already exploiting, pose serious risks to organizations’ security. Here are the flaws:
- CVE-2025-0108 (CVSS Score: 7.8) – Palo Alto PAN-OS Authentication Bypass Vulnerability: This affects Palo Alto Networks’ PAN-OS software that runs on their next-gen firewalls. The flaw lets unauthenticated attackers bypass authentication mechanisms, leading to unauthorized access to network systems. Once exploited, attackers can steal sensitive data, deploy malware, or move laterally within the network.
- CVE-2024-53704 (CVSS Score: 8.2) – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: Found in SonicWall’s SonicOS SSLVPN feature used for remote access, this flaw allows attackers to bypass authentication, gaining access to VPN-protected networks. With this access, attackers can intercept communications, steal credentials, and escalate privileges, posing a huge risk to enterprise security.
Active Exploitation & Threat Landscape
Palo Alto Networks has confirmed active exploitation of CVE-2025-0108. They report that attackers are chaining this vulnerability with others, including CVE-2024-9474 and CVE-2025-0111, on unpatched PAN-OS web management interfaces.
“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” stated the company’s advisory.
Cybersecurity firm GreyNoise has tracked 26 active exploitation attempts for CVE-2025-0108 targeting victims in the United States, France, Germany, the Netherlands, and Brazil.
Meanwhile, Bishop Fox recently published technical details and a proof-of-concept (PoC) exploit for CVE-2024-53704. Within hours of the PoC release, Arctic Wolf detected real-world exploitation attempts.
Mandatory Patching Directive
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply patches by March 11, 2025, per Binding Operational Directive (BOD) 22-01. This urgent measure aims to reduce risks and prevent further compromise.
What Organizations Should Do
Palo Alto Networks and SonicWall have both released security patches and advisories for affected users. Organizations using these products must:
- Update to the latest firmware immediately.
- Monitor network activity for any suspicious behavior.
- Restrict admin access to trusted sources.
- Implement multi-layered security strategies to defend against evolving cyber threats.
Cybercriminals are getting smarter and faster. If your organization relies on Palo Alto or SonicWall products, patching these vulnerabilities should be your top priority right now.
Stay ahead of the threats and secure your networks before it’s too late!



