
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog. The additions are based on confirmed evidence that threat actors are actively exploiting both flaws.
The first vulnerability, CVE-2025-0108 (CVSS 7.8), allows attackers to bypass authentication in the PAN-OS web management interface and execute specific PHP scripts without authorization. The second, CVE-2024-53704 (CVSS 8.2), is a flaw in the SSLVPN authentication mechanism that enables remote attackers to bypass authentication.
Palo Alto Networks has officially confirmed that CVE-2025-0108 is already being leveraged in real-world attacks. The company further warned that cybercriminals may chain this vulnerability with others, such as CVE-2024-9474, to gain unauthorized access to unprotected and unpatched firewalls.
Last week, cybersecurity intelligence firm GreyNoise reported the identification of 25 malicious IP addresses actively exploiting CVE-2025-0108. The volume of attacks has surged tenfold in recent weeks, with the highest activity observed originating from the United States, Germany, and the Netherlands.
Regarding CVE-2024-53704, Arctic Wolf has highlighted that an exploit for this vulnerability became available immediately after security researchers at Bishop Fox published a proof-of-concept (PoC), and that threat actors adopted it swiftly.
In response to the escalating threat, Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate these vulnerabilities by March 11, 2025, to safeguard their networks against potential cyberattacks.