CISA Includes Palo Alto Networks and SonicWall Vulnerabilities in Exploited Threats List

CISA Recognizes New Vulnerabilities Affecting Palo Alto Networks and SonicWall

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws affect Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN, and both have been actively exploited in the wild.

Palo Alto Networks disclosed that the vulnerability tracked as CVE-2025-0108, which carries a CVSS score of 7.8, allows an unauthenticated attacker with network access to the management web interface to bypass its authentication and invoke certain PHP scripts, compromising the integrity of the system. The second vulnerability, CVE-2024-53704, with a higher CVSS score of 8.2, is an improper authentication flaw in the SSLVPN authentication mechanism that permits unauthorized remote access.

CISA's action underscores the urgency of addressing these vulnerabilities. Reports indicate that these flaws can be chained with others, including CVE-2024-9474, making it critical for organizations to prioritize remediation. Palo Alto Networks confirmed to The Hacker News that it has observed attempts to exploit these vulnerabilities together, emphasizing the need for comprehensive patch management and vulnerability remediation.

In MITRE ATT&CK terms, these incidents map to the Initial Access tactic, where attackers gain a foothold on the device, and to Privilege Escalation, where they exploit further vulnerabilities to obtain higher-level access. The ability to chain these vulnerabilities increases their practical exploitability and poses a serious risk to network security.

Threat intelligence firm GreyNoise reported an alarming escalation in exploitation attempts, noting that around 25 malicious IP addresses are actively targeting CVE-2025-0108. Moreover, the intensity of this activity surged tenfold since the vulnerability was flagged less than a week ago, with notable attacker traffic originating from the United States, Germany, and the Netherlands.

Subsequent analysis from Arctic Wolf indicated that threat actors weaponized CVE-2024-53704 shortly after a proof-of-concept became public, further intensifying the urgency of remediation. In response, Federal Civilian Executive Branch (FCEB) agencies have been mandated to remediate these vulnerabilities by March 11, 2025.

In a related update, CISA also added CVE-2025-0111 to the KEV catalog, requiring federal agencies to patch their systems by March 13, 2025. That vulnerability allows an authenticated user with network access to the management web interface to read files on the PAN-OS filesystem, heightening the need for immediate action.
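KEV deadlines are only useful once they are matched against what an organization actually runs. The following script is an added example, not part of the original article or of CISA's tooling: it parses a small constructed feed in the field layout CISA's KEV JSON uses (`cveID`, `vendorProject`, `product`, `dueDate`), matches it against a constructed asset inventory, and reports affected hosts and days remaining until each due date. The CVE identifiers and due dates are the ones reported above; every other value is constructed.

```python
import json
from datetime import date

# Constructed sample in the KEV JSON field layout (only the fields used below).
# Only the CVE IDs and due dates come from the article; the rest is placeholder data.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-0108", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
     "dueDate": "2025-03-11"},
    {"cveID": "CVE-2024-53704", "vendorProject": "SonicWall", "product": "SonicOS",
     "dueDate": "2025-03-11"},
    {"cveID": "CVE-2025-0111", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
     "dueDate": "2025-03-13"},
    # Unrelated entry, constructed to show that non-inventory products are ignored.
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "Widget",
     "dueDate": "2025-01-01"},
]})

# Constructed inventory: KEV "product" name -> hostnames running it.
INVENTORY = {"PAN-OS": ["fw-edge-01", "fw-edge-02"], "SonicOS": ["vpn-gw-01"]}


def kev_entries_for_inventory(kev_json, inventory):
    """Return the KEV entries whose product appears in the inventory."""
    feed = json.loads(kev_json)
    return [e for e in feed["vulnerabilities"] if e["product"] in inventory]


def remediation_status(kev_json, inventory, today):
    """List affected hosts per CVE with days left until the KEV due date (negative = overdue)."""
    rows = []
    for e in kev_entries_for_inventory(kev_json, inventory):
        due = date.fromisoformat(e["dueDate"])
        rows.append({"cve": e["cveID"], "product": e["product"],
                     "hosts": list(inventory[e["product"]]),
                     "days_left": (due - today).days})
    # Soonest deadline first so the report doubles as a patch priority list.
    return sorted(rows, key=lambda r: (r["days_left"], r["cve"]))


if __name__ == "__main__":
    for row in remediation_status(KEV_SAMPLE, INVENTORY, date.today()):
        print(f"{row['cve']:<16} {row['product']:<8} due in {row['days_left']:>4}d  hosts={row['hosts']}")
```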

As new threats continue to emerge, organizations are urged to remain vigilant and proactive in strengthening their defenses. Following current guidance from authoritative sources such as CISA and the affected vendors can significantly reduce the risk posed by vulnerabilities like these.