Summary: Customers of Palo Alto Networks and SonicWall are urged to patch vulnerabilities in their products due to active exploitation by threat actors. SonicWall’s CVE-2024-53704 and Palo Alto Networks’ CVE-2025-0108 allow attackers to bypass authentication mechanisms, posing significant security risks. Users are advised to update their systems immediately or disable SSLVPN as a temporary measure if updates are not feasible.
Affected: Palo Alto Networks, SonicWall
Keypoints :
- SonicWall’s authentication bypass vulnerability affects various firewall devices running SonicOS.
- Palo Alto Networks’ vulnerability impacts the management web interface of PAN-OS, allowing unauthenticated access to PHP scripts.
- Security advisories recommend immediate updates; threat actors have been observed actively attempting exploitation.
Source: https://www.infosecurity-magazine.com/news/palo-alto-networks-sonicwall/