Version Minor Version Suggested Solution PAN-OS 10.1 10.1.0 through 10.1.14 Upgrade to 10.1.14-h9 or later PAN-OS 10.2 10.2.0 through 10.2.13 Upgrade to 10.2.13-h3 or later  10.2.7Upgrade to 10.2.7-h24 or 10.2.13-h3 or later 10.2.8Upgrade to 10.2.8-h21 or 10.2.13-h3 or later 10.2.9Upgrade to 10.2.9-h21 or 10.2.13-h3 or later 10.2.10Upgrade to 10.2.10-h14 or 10.2.13-h3 or later 10.2.11Upgrade to 10.2.11-h12 or 10.2.13-h3 or later  10.2.12Upgrade to 10.2.12-h6 or 10.2.13-h3 or later PAN-OS 11.0 (EoL) Upgrade to a supported fixed versionPAN-OS 11.1 11.1.0 through 11.1.6 Upgrade to 11.1.6-h1 or later  11.1.2Upgrade to 11.1.2-h18 or 11.1.6-h1 or later PAN-OS 11.2 11.2.0 through 11.2.4 Upgrade to 11.2.4-h4 or laterNote: PAN-OS 11.0 reached end of life (EoL) on November 17, 2024. No additional fixes are planned for this release.

The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either: * Directly; or * Through a dataplane interface that includes a management interface profile. You greatly reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface. Use the following steps to identify your recently detected devices in our internet scans. * To find any assets that require remediation action, visit the Assets section of the Customer Support Portal at  https://support.paloaltonetworks.com https://support.paloaltonetworks.com/  (Products → Assets → All Assets → Remediation Required). * Review the list of your devices that we discovered in our scans to have an internet-facing management interface and that we tagged with ‘PAN-SA-2024-0015’ and a last seen timestamp (in UTC). If you do not see any such devices listed, then our scan did not find any devices on your account to have an internet-facing management interface within the past three days. GlobalProtect portals and gateways are not vulnerable to this issue. However, if you configure a management profile on interfaces with GlobalProtect portals or gateways, then you expose the device to attacks through the management web interface (typically accessible on port 4443).

Recommended mitigation—The vast majority of firewalls already follow Palo Alto Networks and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices Additionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510000 and 510001 (introduced in Applications and Threats content version 8943).

Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.