A high-severity authentication bypass vulnerability in Palo Alto Networks’ PAN-OS software, patched last week, is now being actively exploited by threat actors to gain root-level access to affected firewall systems.
Tracked as CVE-2025-0108, the vulnerability allows an unauthenticated attacker with network access to the PAN-OS management web interface to bypass authentication requirements.