CISA has added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its KEV catalog, citing evidence of active exploitation. The CVE-2025-0108 flaw carries a CVSS score of 7.8 and involves an authentication bypass vulnerability in Palo Alto Networks PAN-OS. Organizations using affected systems are urged to patch the vulnerabilities immediately. The incident highlights potential risks associated with third-party software and services, underscoring the need for robust cybersecurity measures. Effective governance, including regular vulnerability management and secure configuration, is crucial to preventing exploitation and protecting against supply chain-related threats.
Key Points
Immediate Action Required: The addition of two security flaws to the Known Exploited Vulnerabilities (KEV) catalog by CISA highlights the urgent need for organizations to take immediate action to patch these vulnerabilities in their systems, particularly those using Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN.
Supply Chain Risks: The exploitation of these flaws demonstrates the potential risks associated with third-party software and services. Organizations must conduct thorough risk assessments and implement robust security measures to protect themselves from supply chain-related vulnerabilities.
Cybersecurity Governance: CISA's actions emphasize the importance of effective cybersecurity governance, including regular vulnerability management, secure configuration, and employee education. Organizations must prioritize cybersecurity and invest in necessary measures to prevent exploitation.
Original Article
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below -
CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS