**Assetnote**: [Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)](https://www.assetnote.io/resources/research/nginx-apache-path-confusion-to-auth-bypass-in-pan-os )
If I'm reading this correctly, Assetnote dropped vulnerability details and proof of concept for [CVE-2025-0108](https://www.cve.org/CVERecord?id=CVE-2025-0108 ) (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface. They are describing this as a zero-day auth bypass, but it should be called "patch bypass." See related PAN [security advisory](https://security.paloaltonetworks.com/CVE-2025-0108 ).
Fun operational mistake: Assetnote wrote This vulnerability was fixed in versions xx and yy and assigned CVE zz. in their conclusion.
#paloaltonetworks #CVE_2025_0108 #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept
Not Simon 🐐
npub14g…xznd6
2025-02-12 18:35:46 UTC
in reply to nevent1q…vn4j
Author Public Key
npub14g0mj0fmn0sepfuhp2wupyk7d8xyz7rezpmrx2gfsav9vxlwxypq4xznd6Seen on
wss://relay.momostr.pinkPublished at
2025-02-12 18:35:46 UTCEvent JSON
{
"id": "d6e5fb8401211de19e0575e4851e8eb6918280c3d55b14dbb6a86522c6c7a52d",
"pubkey": "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102",
"created_at": 1739385346,
"kind": 1,
"tags": [
[
"e",
"31fe37ea949b57016a89374d925f929ecde46d422c5a8766798f44cca5e9704a",
"",
"root",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"p",
"86b397086a130510861dd58f255fadeee1c47815185fa3bb628a06b4d6af31ac"
],
[
"e",
"176c71f499a1f9471416d3251ff486036a13a979b114a505072e145839ef0a67",
"",
"reply",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"cve"
],
[
"p",
"0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5"
],
[
"t",
"cve_2025_0108"
],
[
"t",
"vulnerability"
],
[
"t",
"poc"
],
[
"t",
"infosec"
],
[
"p",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"cybersecurity"
],
[
"t",
"proofofconcept"
],
[
"proxy",
"https://infosec.exchange/@screaminggoat/113992358068909630",
"web"
],
[
"t",
"paloaltonetworks"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113992358068909630",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/screaminggoat/statuses/113992358068909630",
"pink.momostr"
],
[
"-"
]
],
"content": "**Assetnote**: [Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)](https://www.assetnote.io/resources/research/nginx-apache-path-confusion-to-auth-bypass-in-pan-os )\nIf I'm reading this correctly, Assetnote dropped vulnerability details and proof of concept for [CVE-2025-0108](https://www.cve.org/CVERecord?id=CVE-2025-0108 ) (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface. They are describing this as a zero-day auth bypass, but it should be called \"patch bypass.\" See related PAN [security advisory](https://security.paloaltonetworks.com/CVE-2025-0108 ).\n\nFun operational mistake: Assetnote wrote This vulnerability was fixed in versions xx and yy and assigned CVE zz. in their conclusion.\n\n#paloaltonetworks #CVE_2025_0108 #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept",
"sig": "e3b3cdb986f79959a765031ef911a6fe4ca02d5ae3b17f3c4919c2f3ae994857ac2156db5283766a46608de94d0654adb05c31d0c95e0fa797f231fa12683ea5"
}