The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday said it was a well-known Exploited Vulnerability (KEV) catalogue that was based on evidence of active exploitation. Added two security flaws that affect Palo Alto Networks and Sonic Wall Sonicos SLVPN.
The defects are listed below –
CVE-2025-0108 (CVSS score: 7.8) – Bypassing vulnerabilities in Palo Alto Networks PAN-OS Management Web Interface, network access to the management web interface to bypass required authentication, and erupting specific PHP -OS Management Web Interface Script CVE-2024-53704 (CVSS Score: 8.2) – Inappropriate Authentication Vulnerability in SSLVPN Authentication Mechanism that allows remote attackers to bypass authentication
Palo Alto Networks confirmed with Hacker News that it is observing an aggressive attempt at exploitation against CVE-2025-0108, and has chained it with other vulnerabilities like CVE-2024-9474. It states that access to unsecured parents who are not permitted or are not protected by unauthorized access can be enabled. Firewall.
“Palo Alto Networks observed an exploit attempt to check CVE-2024-9474 and CVE-2025-0111 and CVE-2025-0108.
Threat intelligence company Greynoise has actively utilized CVE-2025-0108 with as many as 25 malicious IP addresses, and has seen a surge in attacker activity 10 times since it was detected almost a week ago. He said. The top three sources of attack traffic are the US, Germany and the Netherlands.
Regarding CVE-2024-53704, cybersecurity company Arctic Wolf revealed that threat actors weaponized the flaws shortly after Bishop Fox (POC) became available.
In light of active exploitation, a Federal Civil Enforcement Division (FCEB) agency is required to fix vulnerabilities identified by March 11, 2025 and secure the network.
Source link
