TechCrunch News, February 19
Palo Alto Networks warns of another firewall vulnerability under attack by hackers

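U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks. The company confirmed that attackers are exploiting CVE-2025-0108, a recently disclosed vulnerability in PAN-OS (the operating system of Palo Alto Networks firewalls). Security firm Assetnote first discovered the vulnerability and urged customers to patch as soon as possible. The company updated its advisory to warn that the vulnerability is under active attack. Attackers are chaining the vulnerability with two previously disclosed flaws, CVE-2024-9474 and CVE-2025-0111, to attack unpatched and unsecured PAN-OS web management interfaces. GreyNoise said it has observed 25 IP addresses actively exploiting the PAN-OS vulnerability, indicating an increase in exploitation activity. The vulnerability allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems.

🚨 PAN-OS, the operating system of Palo Alto Networks firewalls, has a new high-severity vulnerability, CVE-2025-0108. Hackers are actively exploiting it to break into unpatched customer networks, and the situation is urgent.

🔗 Attackers are chaining CVE-2025-0108 with two previously disclosed vulnerabilities, CVE-2024-9474 and CVE-2025-0111, into a complex attack chain that specifically targets unpatched and unsecured PAN-OS web management interfaces.

🌍 GreyNoise's monitoring data shows that the U.S., Germany, and the Netherlands are the regions receiving the most attack traffic, indicating that Palo Alto Networks users in these regions face higher risk.

🛡️ The U.S. cybersecurity agency CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging government agencies and other organizations to prioritize fixing it to reduce security risk.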

U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks.

Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday.

Cybersecurity firm Assetnote first discovered the vulnerability, tracked as CVE-2025-0108, earlier this month while analyzing two previous Palo Alto firewall vulnerabilities that had been used in earlier attacks.

Palo Alto Networks released an advisory on the same day and urged customers to patch the latest bug urgently. The company updated its advisory on Tuesday to warn that the vulnerability is under active attack.

The company said malicious attackers are chaining the vulnerability with two previously disclosed flaws — CVE-2024-9474 and CVE-2025-0111 — to target unpatched and unsecured PAN-OS web management interfaces. CVE-2024-9474 has been exploited in attacks since November 2024, we previously reported. 

Palo Alto Networks hasn’t explained how the three vulnerabilities are being chained together by hackers, but noted that the complexity of the attack is “low.” 

The scale of the exploitation is not yet known, but threat intelligence startup GreyNoise said in a blog post on Tuesday that it has observed 25 IP addresses actively exploiting the PAN-OS vulnerability, up from two IP addresses on February 13, suggesting an uptick in exploitation activity. The exploitation attempts have been flagged by GreyNoise as “malicious,” suggesting that threat actors are behind the exploitation rather than security researchers. 

“This high-severity flaw allows unauthenticated attackers to execute specific PHP scripts, potentially leading to unauthorized access to vulnerable systems,” GreyNoise said. 

GreyNoise says it has observed the highest levels of attack traffic in the U.S., Germany, and the Netherlands. 

It’s not known who is behind these attacks, or whether any sensitive data has been stolen from customers’ networks. Palo Alto Networks did not immediately respond to TechCrunch’s questions. 

CISA, the U.S. government’s cybersecurity agency, added the latest Palo Alto bug to its publicly listed Known Exploited Vulnerabilities (KEV) catalog on Tuesday. 
