dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

Avatar
info@thehackernews.com (The Hacker News)
February 18, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below – CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS
Total
0
Shares
0
0
0
[[{“value”:”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The flaws are listed below –

CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts
CVE-2024-53704 (CVSS score: 8.2) – An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication

Palo Alto Networks has since confirmed to The Hacker News that it has observed active exploitation attempts against CVE-2025-0108, with the company noting that it could be chained with other vulnerabilities like CVE-2024-9474 to allow unauthorized access to unpatched and unsecured firewalls.

“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” it said in an updated advisory.

Threat intelligence firm GreyNoise said as many as 25 malicious IP addresses are actively exploiting CVE-2025-0108, with the volume of attacker activity surging 10 times since it was detected nearly a week ago. The top three sources of attack traffic are the United States, Germany, and the Netherlands.

As for CVE-2024-53704, cybersecurity company Arctic Wolf revealed that threat actors are weaponizing the flaw shortly after a proof-of-concept (PoC) was made available by Bishop Fox.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by March 11, 2025, to secure their networks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Hackers use ‘sophisticated’ macOS malware to steal cryptocurrency, Microsoft says

February 18, 2025
Next Post

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

February 19, 2025
Related Posts
2 min

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said it has reached
Avatar
info@thehackernews.com (The Hacker News)
February 1, 2025
Read More
3 min

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in
Avatar
info@thehackernews.com (The Hacker News)
February 25, 2025
Read More