CISA warns of active Palo Alto Networks and SonicWall exploits

The US CISA has added two critical flaws affecting Palo Alto Networks and SonicWall to its Known Exploited Vulnerabilities (KEV) Catalog.

The vulnerabilities are:

• CVE-2025-0108: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability  
• CVE-2024-53704: SonicWall SonicOS SSLVPN Improper Authentication Vulnerability  

Cybersecurity firm GreyNoise has detected a sharp surge in malicious activity exploiting CVE-2025-0108, an authentication bypass affecting Palo Alto Networks’ PAN-OS.

GreyNoise has observed traffic from 25 malicious IPs attempting exploitation, up from just two on 13 February. The top origin countries of attack traffic are the US, Germany, and the Netherlands.

Palo Alto Networks has confirmed the vulnerability’s active exploitation and categorised it as “Highest Urgency” for defenders. The flaw allows unauthenticated attackers to execute specific PHP scripts, potentially gaining unauthorised access to systems.

Organisations relying on PAN-OS firewalls are advised to immediately patch their systems, restrict access to management interfaces, and monitor exploitation trends.  

The KEV Catalog was created under Binding Operational Directive (BOD) 22-01, which mandates Federal Civilian Executive Branch (FCEB) agencies to address high-risk vulnerabilities by set remediation deadlines.

While the directive is legally binding only for FCEB agencies, CISA is urging all organisations to adopt proactive vulnerability management to mitigate cyber risks.  

CISA’s updates to the KEV Catalog demonstrate the urgency of staying ahead of evolving cyber threats. Organisations using Palo Alto or SonicWall solutions should take immediate action to minimise their exposure—delayed remediation could leave systems vulnerable to malicious actors.

(Photo by Marcel Eberle)

See also: National Audit Office: Public services face ‘severe’ cyber risks

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: cisa, cybersecurity, Enterprise, exploits, firewalls, hacking, infosec, Networks, palo alto networks, Security, sonicwall, vulnerabilities