Rapid Response Status: check for Rapid Response outages and issues

Active Incidents

No active incidents

Recently Resolved Incidents

Pan-OS Authentication Bypass - CVE-2025-0108

Started 16 Feb 2025 14:39:01 (5 days ago), resolved 17 Feb 2025 11:59:59 (4 days ago)

Incident without Impact

Resolved

Rapid Response

Team AXON is aware of a publication about an Authentication Bypass flaw related to Palo Alto Networks, affecting PAN-OS management web interface. The flaw, identified as CVE-2025-0108, allows an unauthenticated attacker with network access to the management web interface to bypass authentication to the PAN-OS management web interface and invoke certain PHP scripts.

A Proof-of-Concept exploit related to this vulnerability was published.

While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.

to mitigate the risk, It is recommended to : - patch all the relevant PAN-OS devices. - restrict management interface access to only trusted internal IP addresses. - Threat Prevention subscription can be used to block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)

The team is actively searching for evidence of exploitations of this vulnerability in our customers’ environments. In case of identification of impacted customers, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely, Team Axon

Resolved: Dear Customers,

Following our recent update regarding the PAN-OS vulnerability (CVE-2025-0108), we continued with the threat-focused hunting efforts, looking for suspicious requests.

we have published a visibility query for detecting devices that had Malicious HTTP Request on PAN Devices based on Threat ID's 510000 and 510001 from PAN Threat Prevention alerts. It is recommended validating that this traffic didn’t target any of your organizational PAN OS devices, and if so that the devices are fully patched.

The query is also available on Axon's GitHub: -PAN malicious HTTP Request alert: https://github.com/axon-git/rapid-response/blob/main/cve-2025-0108/pan_threat_logs_visibility.sql

Additionally, Axon reports have also been published for Team Axon customers, including the updated list of deliverables. Relevant hits that require your attention will be mentioned in the AXON report alongside recommended investigation steps.

We continue to monitor CVE-2025-0108 and will provide further updates as necessary. If you have any questions or need further assistance, please feel free to reach out.

Sincerely, Team Axon

17 Feb 2025 11:59:59 (4 days ago)

Investigating: Team AXON is aware of a publication about an Authentication Bypass flaw related to Palo Alto Networks, affecting PAN-OS management web interface. The flaw, identified as CVE-2025-0108, allows an unauthenticated attacker with network access to the management web interface to bypass authentication to the PAN-OS management web interface and invoke certain PHP scripts.

A Proof-of-Concept exploit related to this vulnerability was published.

While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.

to mitigate the risk, It is recommended to : - patch all the relevant PAN-OS devices. - restrict management interface access to only trusted internal IP addresses. - Threat Prevention subscription can be used to block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)

The team is actively searching for evidence of exploitations of this vulnerability in our customers’ environments. In case of identification of impacted customers, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely, Team Axon

16 Feb 2025 14:39:02 (5 days ago)

See all updates

Rapid Response Outage Survival Guide

A step-by-step guide to help you survive a Rapid Response outage

NaN%

Rapid Response Components

Rapid Response

Fri 14

Sat 15

Sun 16

Mon 17

Tue 18

Wed 19

Thu 20

now

Rapid Response

Fri 14

Sat 15

Sun 16

Mon 17

Tue 18

Wed 19

Thu 20

now

Pan-OS Authentication Bypass - CVE-2025-0108

Started 16 Feb 2025 14:39:01 (5 days ago), resolved 17 Feb 2025 11:59:59 (4 days ago)

Incident without Impact

Resolved

Rapid Response

Team AXON is aware of a publication about an Authentication Bypass flaw related to Palo Alto Networks, affecting PAN-OS management web interface. The flaw, identified as CVE-2025-0108, allows an unauthenticated attacker with network access to the management web interface to bypass authentication to the PAN-OS management web interface and invoke certain PHP scripts.

A Proof-of-Concept exploit related to this vulnerability was published.

While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.

to mitigate the risk, It is recommended to : - patch all the relevant PAN-OS devices. - restrict management interface access to only trusted internal IP addresses. - Threat Prevention subscription can be used to block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)

The team is actively searching for evidence of exploitations of this vulnerability in our customers’ environments. In case of identification of impacted customers, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely, Team Axon

Resolved: Dear Customers,

Following our recent update regarding the PAN-OS vulnerability (CVE-2025-0108), we continued with the threat-focused hunting efforts, looking for suspicious requests.

we have published a visibility query for detecting devices that had Malicious HTTP Request on PAN Devices based on Threat ID's 510000 and 510001 from PAN Threat Prevention alerts. It is recommended validating that this traffic didn’t target any of your organizational PAN OS devices, and if so that the devices are fully patched.

The query is also available on Axon's GitHub: -PAN malicious HTTP Request alert: https://github.com/axon-git/rapid-response/blob/main/cve-2025-0108/pan_threat_logs_visibility.sql

Additionally, Axon reports have also been published for Team Axon customers, including the updated list of deliverables. Relevant hits that require your attention will be mentioned in the AXON report alongside recommended investigation steps.

We continue to monitor CVE-2025-0108 and will provide further updates as necessary. If you have any questions or need further assistance, please feel free to reach out.

Sincerely, Team Axon

17 Feb 2025 11:59:59 (4 days ago)

Investigating: Team AXON is aware of a publication about an Authentication Bypass flaw related to Palo Alto Networks, affecting PAN-OS management web interface. The flaw, identified as CVE-2025-0108, allows an unauthenticated attacker with network access to the management web interface to bypass authentication to the PAN-OS management web interface and invoke certain PHP scripts.

A Proof-of-Concept exploit related to this vulnerability was published.

While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.

to mitigate the risk, It is recommended to : - patch all the relevant PAN-OS devices. - restrict management interface access to only trusted internal IP addresses. - Threat Prevention subscription can be used to block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943)

The team is actively searching for evidence of exploitations of this vulnerability in our customers’ environments. In case of identification of impacted customers, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely, Team Axon

16 Feb 2025 14:39:02 (5 days ago)

See all updates

Rapid Response Status

Real-time updates of Rapid Response issues and outages

Rapid Response status is Operational

Rapid Response

Active Incidents

Recently Resolved Incidents

Rapid Response Outage Survival Guide

Rapid Response Components

Rapid Response

Rapid Response

Rapid Response Alternatives

DRACOON Cloud

Doppler

FTAPI

Wallarm

Qualys

IBM MaaS360

LockSelf

Foxpass

Commonly Used Together

Alloy

Vouched

ID.me

Login.gov

Bloom

Ekata

IDnow GmbH