U.S. cybersecurity giant Palo Alto Networks warns that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks.
The California-based company confirmed Tuesday that attackers are exploiting a vulnerability in the operating system that runs on Palo Alto Networks firewalls.
Cybersecurity company Assetnote first discovered the vulnerability, tracked as CVE-2025-0108, earlier this month while analyzing two earlier Palo Alto firewall vulnerabilities that had been used in earlier attacks.
Palo Alto Networks released an advisory the same day and urged customers to urgently patch against the latest bug. The company updated its advisory on Tuesday to warn that the vulnerability is under active attack.
The company said malicious attackers are chaining the vulnerability with two previously disclosed flaws (CVE-2024-9474 and CVE-2025-0111) to target unpatched and unsecured PAN-OS web management interfaces. We previously reported that CVE-2024-9474 has been exploited in attacks since November 2024.
Palo Alto Networks has not explained how hackers are chaining the three vulnerabilities together, but noted that the complexity of the attack is "low".
The scale of exploitation is unclear, but threat intelligence startup GreyNoise said in a blog post on Tuesday that it has observed 25 IP addresses actively exploiting the PAN-OS vulnerability, compared with two IP addresses on February 13, suggesting increased exploitation activity. GreyNoise describes the exploitation attempts as "malicious", which suggests that threat actors are behind the exploitation, not security researchers.
"This high level of flaw allows unverified attackers to execute specific PHP scripts, which can lead to unauthorized access to vulnerable systems," GreyNoise said.
GreyNoise said it has observed the highest levels of attack traffic in the United States, Germany and the Netherlands.
It is not known who is behind these attacks, or whether any sensitive data has been stolen from customer networks. Palo Alto Networks did not immediately answer TechCrunch's questions.
The U.S. government's cybersecurity agency, CISA, added the latest Palo Alto bug to its public Known Exploited Vulnerabilities (KEV) catalog on Tuesday.