Active Cyber Attacks Target Palo Alto PAN-OS and Craft CMS Vulnerabilities

Fri 21st Feb, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding ongoing cyber attacks exploiting vulnerabilities in both Craft CMS and Palo Alto Networks' PAN-OS firewall operating system. IT administrators are urged to apply the latest updates to mitigate potential risks.

Recently identified vulnerabilities include a critical flaw in PAN-OS, which was disclosed a week ago and subsequently patched through software updates. This specific vulnerability allows attackers to bypass authentication protocols in the management web interface of Palo Alto firewalls. Although this flaw does not permit the execution of malicious code, it enables unauthorized access to the interface, where attackers can execute certain PHP scripts (CVE-2025-0108, CVSS score: 8.8). Exploit code for this vulnerability has been circulating online, raising concerns about its exploitation by malicious actors.

Updates addressing these vulnerabilities have been available for a week, covering versions PAN-OS 10.1.14-h9, 10.2.13-h3, 11.1.6-h1, and 11.2.4-h4, as well as subsequent releases.
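A version check against the fixed builds listed above, as an added example that is not code from CISA, Palo Alto Networks or this article. The function names and the sample inventory are constructed, and "subsequent releases" is assumed to mean a higher maintenance or hotfix number on the same release train; any build the article does not list is reported as unconfirmed, not as patched.

```python
import re

# Fixed builds from the article: (major, minor) -> (maintenance, hotfix).
FIXED_BUILDS = {
    (10, 1): (14, 9), (10, 2): (13, 3),
    (11, 1): (6, 1), (11, 2): (4, 4),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maintenance, hotfix = match.groups()
    return int(major), int(minor), int(maintenance), int(hotfix or 0)


def patch_status(version):
    """Classify one version string against the article's list of fixed builds."""
    major, minor, maintenance, hotfix = parse_panos_version(version)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "train-not-listed"      # the article names no fixed build here
    if (maintenance, hotfix) >= fixed:
        return "fixed"                 # listed build or a later one on the train
    return "below-listed-fix"          # older than the listed build: needs review


def audit(inventory):
    """Map hostname -> status for a dict of hostname -> reported version."""
    results = {}
    for host, version in inventory.items():
        try:
            results[host] = patch_status(version)
        except ValueError:
            results[host] = "unparseable"
    return results


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {"fw-edge-01": "10.2.13-h3", "fw-edge-02": "10.2.13",
                    "fw-dc-01": "11.1.7", "fw-lab-01": "9.1.19", "fw-lab-02": "n/a"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:12} {status}")
```

A `below-listed-fix` or `train-not-listed` result means this list gives no basis for calling the build patched, so check it against the vendor advisory.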

In addition to the PAN-OS vulnerabilities, CISA has also noted attacks targeting Craft CMS. The exploited vulnerability in Craft CMS allows attackers to infiltrate and execute harmful code remotely, affecting installations of Craft versions 4 and 5 where the security key has been compromised (CVE-2025-23209, CVSS score: 8.1). Administrators are strongly advised to keep this security key confidential, as highlighted in the Craft CMS security guidelines. The vulnerable versions include Craft 5.5.8 and 4.13.8 and their newer iterations.

While CISA has acknowledged these attacks, it has not provided specific details regarding their scale or impact. There are currently no identified indicators of compromise that would allow IT professionals to assess whether their systems have been successfully targeted. This uncertainty emphasizes the importance of promptly applying available updates to safeguard systems from potential breaches.

As cyber threats continue to evolve, it is crucial for organizations using these technologies to stay vigilant and ensure their systems are up to date with the latest security patches to minimize vulnerabilities.

