- Cisco CIO Fletcher Previn talks culture: 'They can steal your technology, but not your philosophy'
- Fake Toll Road Scam Texts are Everywhere. These Cities are The Most Targeted. | McAfee Blog
- Everything Amazon announced at its Alexa event today: Alexa+, Echo Show UI, and more
- This compact smart heater can easily warm up your living room without breaking the bank
- 日本ラグビー協会、メディア戦略にクラウドをどう活かす?
Hackers gain root access to Palo Alto firewalls through chained bugs
Discovery of CVE-2025-0108 came from post-patch analysis of CVE-2024-9474, a medium-severity flaw (CVSS 6.9/10) that was actively exploited in November. At that time, attackers were seen chaining CVE-2024-9474 with another critical authentication bypass vulnerability (CVE-2024-0012) affecting PAN-OS, and together they allowed executing codes remotely on compromised systems.
Now threat actors are chaining CVE-2025-0108, and CVE-2024-9474 with a high-severity flaw (CVE-2025-0111) for unauthorized root-level access to vulnerable systems, potentially allowing extraction of sensitive configuration data and user credentials.
All three vulnerabilities affect PAN-OS versions 10.1, 10.2, 11.1, and 11.2, and have received patches respectively. Palo Alto Networks confirmed that its Cloud NGFW and Prisma Access services are not impacted.
