Palo Alto Networks Product Security Update Advisory

Overview

Palo Alto Networks has released security updates to fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

CVE-2025-0108, CVE-2025-0111

PAN-OS versions: 11.2.0 up to, but not including, 11.2.4-h4
PAN-OS versions: 11.1.0 up to, but not including, 11.1.6-h1
PAN-OS versions: 11.1.2 up to, but not including, 11.1.2-h18
PAN-OS versions: 10.2.7 up to, but not including, 10.2.7-h24
PAN-OS versions: 10.2.8 up to, but not including, 10.2.8-h21
PAN-OS versions: 10.2.9 up to, but not including, 10.2.9-h21
PAN-OS versions: 10.2.10 up to, but not including, 10.2.10-h14
PAN-OS versions: 10.2.11 up to, but not including, 10.2.11-h12
PAN-OS versions: 10.2.12 up to, but not including, 10.2.12-h5
PAN-OS versions: 10.2.13 up to, but not including, 10.2.13-h3
PAN-OS versions: 10.1.0 up to, but not including, 10.1.14-h9

 

 

Resolved Vulnerabilities

Authentication bypass vulnerability in the management web interface (CVE-2025-0108)
Authenticated arbitrary file read vulnerability in the management web interface (CVE-2025-0111)

 

 

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
 

 

CVE-2025-0108, CVE-2025-0111

PAN-OS version: 11.2.4-h4 or later
PAN-OS version: 11.1.6-h1 or later
PAN-OS version: 11.1.2-h18 or later
PAN-OS version: 10.2.7-h24 or later
PAN-OS version: 10.2.8-h21 or later
PAN-OS version: 10.2.9-h21 or later
PAN-OS version: 10.2.10-h14 or later
PAN-OS version: 10.2.11-h12 or later
PAN-OS version: 10.2.12-h5 or later
PAN-OS version: 10.2.13-h3 or later
PAN-OS version: 10.1.14-h9 or later
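
A version check built from the affected and fixed lists above, as an added example that is not part of the original advisory or any vendor tooling. It assumes the `-hN` hotfix suffix format shown in the lists, that a hotfix fix applies only within its own maintenance release, and that maintenance releases newer than a branch's last listed fix are fixed; the hostnames are constructed, and versions the page does not cover are reported as `unlisted`.

```python
import re

# First fixed hotfix per maintenance release, copied from the advisory's list.
FIXED_HOTFIX = {
    (11, 2, 4): 4, (11, 1, 6): 1, (11, 1, 2): 18,
    (10, 2, 7): 24, (10, 2, 8): 21, (10, 2, 9): 21, (10, 2, 10): 14,
    (10, 2, 11): 12, (10, 2, 12): 5, (10, 2, 13): 3, (10, 1, 14): 9,
}
# Branches whose affected range in the advisory starts at x.y.0.
RANGE_FROM_ZERO = {(11, 2), (11, 1), (10, 1)}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split '10.2.10-h14' into (10, 2, 10, 14); a missing hotfix counts as 0."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for one PAN-OS version string."""
    major, minor, maint, hotfix = parse_version(text)
    listed = [key[2] for key in FIXED_HOTFIX if key[:2] == (major, minor)]
    if not listed:
        return "unlisted"            # branch not mentioned in the advisory
    first_fixed = FIXED_HOTFIX.get((major, minor, maint))
    if first_fixed is not None:      # same maintenance release: compare hotfixes
        return "affected" if hotfix < first_fixed else "fixed"
    if maint > max(listed):          # assumption: newer than the branch's last fix
        return "fixed"
    if (major, minor) in RANGE_FROM_ZERO:
        return "affected"            # inside a range that starts at x.y.0
    return "unlisted"                # e.g. 10.2.0-10.2.6, not covered by the page


def triage(inventory):
    """Map each device name to its classification."""
    return {name: classify(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    sample = {"fw-edge-01": "11.1.2-h17", "fw-edge-02": "11.1.2-h18",
              "fw-dc-01": "10.2.6", "fw-lab-01": "11.2.5"}
    for name, status in triage(sample).items():
        print(f"{name}: {status}")
```

Devices reported as `unlisted` need to be checked against the vendor advisories in the references rather than treated as safe.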

 

 

References

[1] CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface
https://security.paloaltonetworks.com/CVE-2025-0108
[2] CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
https://security.paloaltonetworks.com/CVE-2025-0111