How severe is CVE-2025-0108?

This vulnerability has a severity rating of HIGH with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2025-0108?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2025-0108

HIGH Year: 2025

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-306

View all →

Vulnerability Description

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

CVE-2018-19248

CRITICAL

CVSS:9.1(Critical)

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer w...

CWE-3062018

CVE-2019-10668

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose informat...

CWE-3062019

CVE-2019-11496

CRITICAL

CVSS:9.1(Critical)

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets inc...

CWE-3062019

CVE-2019-17512

CRITICAL

CVSS:9.1(Critical)

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which ...

CWE-3062019

CVE-2019-4244

CRITICAL

CVSS:9.1(Critical)

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-F...

CWE-3062019

CVE-2019-5077

CRITICAL

CVSS:9.1(Critical)

An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware vers...

CWE-3062019

CVE-2025-0108

Vulnerability Description

Related Vulnerabilities

CVE-2018-19248

CVE-2019-10668

CVE-2019-11496

CVE-2019-17512

CVE-2019-4244

CVE-2019-5077