Palo Alto, SonicWall Warn of Critical Vulnerabilities in Firewall Products

Active exploitation of these flaws puts networks at risk. Urgent patching is needed to protect against unauthorized access.

Cybersecurity firms Palo Alto Networks and SonicWall have issued urgent warnings to their customers about critical vulnerabilities in their products. These flaws, if left unpatched, could allow attackers to gain unauthorized access to networks.

Palo Alto Networks has warned users about CVE-2025-0108, a vulnerability in the PAN-OS management web interface. This bug, discovered by the company itself, allows attackers to bypass authentication and gain control over affected devices. Security researchers have confirmed active exploitation of this vulnerability, making it a pressing concern.

SonicWall, on the other hand, faces CVE-2024-53704, an authentication bypass bug in SonicOS. This issue also allows remote attackers to bypass authentication, and proof-of-concept exploits are publicly available, significantly increasing the risk of exploitation.

Both companies urge their customers to update their products to the latest patched versions. If updates are not possible, SonicWall recommends disabling SSLVPN. GCHQ's NCSC and allies have published new guidance to improve security standards for edge device manufacturers.

With active exploitation of these vulnerabilities, Palo Alto Networks and SonicWall customers must prioritize patching their products. Edge devices like firewalls are prime targets for attacks due to their strategic network locations. Staying updated and following the latest security guidance is crucial to protect networks from potential breaches.
