03-05-2025 01:40 AM
Hello everyone,
Maybe this is a silly question, but as far as I can see the current PAN-OS 10.2 preferred release dates back to November and does not include fixes for recently discovered vulnerabilities (CVE-2025-0108, for example). I usually put a vulnerability protection profile in front of my management networks, but this vulnerability is not covered by any threat prevention signature. To my understanding, this means that running the currently preferred release leaves the firewall vulnerable to this particular threat. Am I right or am I missing something?
Kind regards
03-05-2025 03:51 AM
Hi @grenzi ,
Here's the advisory for CVE-2025-0108:
https://security.paloaltonetworks.com/CVE-2025-0108
You will find 10.2 versions listed here that are unaffected by the vulnerability.
Kind regards,
-Kim.
03-05-2025 04:06 AM
Hi @grenzi ,
That is a good point. I went ahead and upgraded to a fixed version since it is only a couple minor releases different. The only changes in the software will be vulnerability fixes. I don't know the exact process, but PANW always waits a while before marking a new release as preferred. I believe they look at the support cases for a little while to make sure there are no bad bugs in the code.
Thanks,
Tom
03-05-2025 04:12 AM
Hi Kiwi, thank you. I know about the patch releases that fix this vulnerability; my only concern is that the currently preferred release is affected, so the solution is to install a "non preferred" release. Anyway, I saw other similar questions on the community, for example: https://live.paloaltonetworks.com/t5/general-topics/cve-2025-0108/td-p/1220580
I'm not afraid of upgrading, it's only a matter of, let's say, consistency 🙂
03-05-2025 07:21 AM
Hello,
Here is what I do to see what gets patched etc. I first look at the vulnerability and see to what degree I am affected. If we look at CVE-2025-0108, the main issue is "an unauthenticated attacker with network access to the management web interface to bypass the authentication". Since I have my management interfaces protected by the PAN and policies allowed via user-id, it's a very low impact for me. Meaning I only allow those who should/do have access already so not a big deal.
So if there was not a preferred release that has the patch applied, I could wait since the likelihood of this being exploited is extremely low to nonexistent.
Happy to discuss how to protect the management interface if you wish. Maybe I'll write an article on it?
Hope this helps.