CISA Alerts: Active Exploits Targeting Palo Alto Networks and SonicWall

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting Palo Alto Networks and SonicWall to its Known Exploited Vulnerabilities (KEV) Catalog.

The newly listed vulnerabilities are:

  • CVE-2025-0108: Authentication bypass in Palo Alto Networks PAN-OS
  • CVE-2024-53704: Improper authentication in SonicWall SonicOS SSLVPN

Cybersecurity firm GreyNoise reports a sharp increase in malicious activity exploiting CVE-2025-0108, the PAN-OS authentication bypass. Researchers observed probing traffic from 25 distinct malicious IP addresses attempting to exploit the flaw, up from only two observed on 13 February. The top source countries for that traffic are the United States, Germany, and the Netherlands.

Palo Alto Networks has confirmed active exploitation of the vulnerability and has classified the issue as “Highest Urgency” for defenders. The flaw can allow unauthenticated attackers to invoke specific PHP scripts, potentially enabling unauthorized access to affected systems.

Organizations that use PAN-OS firewalls are strongly advised to apply available patches immediately, restrict access to management interfaces, and closely monitor network and log activity for signs of exploitation. Rapid remediation and vigilant monitoring will reduce the likelihood of successful compromise.

CISA’s KEV Catalog was created under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate high-risk vulnerabilities by established deadlines. Although this directive is legally binding for FCEB agencies, CISA recommends that all organizations adopt proactive vulnerability management practices to reduce cyber risk.

The recent additions to the KEV Catalog highlight the need for organizations to stay ahead of evolving cyber threats. Enterprises using Palo Alto or SonicWall products should prioritize patching and access controls to minimize exposure; delaying remediation increases the risk of successful attacks by malicious actors.
