Urgent: Patch Now! Palo Alto & SonicWall Vulnerabilities Exploited
Palo Alto Networks and SonicWall customers are advised to immediately patch their products due to active exploitation of vulnerabilities. While no specific hacker groups are known to be actively exploiting CVE-2025-0108, the risk is high due to public proof-of-concepts and increasing scans.
Threat actors are exploiting CVE-2025-0108 in Palo Alto Networks' PAN-OS management web interface, allowing unauthenticated attackers to run certain PHP scripts. SonicWall's SonicOS is also affected by the authentication bypass bug CVE-2024-53704, with public proof-of-concepts increasing the risk of exploitation.
GreyNoise has observed at least 20 IPs attempting to exploit the vulnerability in attacks against Palo Alto Networks' PAN-OS. Both companies urge customers to upgrade to patched versions or disable affected features if updates are not possible. GCHQ's NCSC and allies have published new guidance for edge device manufacturers to improve security standards.
Palo Alto Networks and SonicWall customers must prioritise patching their products to mitigate the risk of exploitation. With public proof-of-concepts and increasing scans, prompt action is crucial to protect against potential attacks.
