CISA has added the critical Palo Alto GlobalProtect VPN vulnerability (CVE-2025-9901) to its Known Exploited Vulnerabilities (KEV) catalog, confirming it is under widespread, active exploitation. The CVSS 10.0 flaw allows unauthenticated remote code execution and full firewall takeover.
Business Impact
This is the highest possible alert. Attackers are actively compromising unpatched corporate firewalls to gain full network access. A compromised VPN gateway allows for total data exfiltration, ransomware deployment, and persistent, stealthy access to the internal network.
Why It Happened
The vulnerability is a command injection flaw in the GlobalProtect portal’s web interface, which is internet-facing by design. Attackers are now scanning the internet and automatically compromising any unpatched devices.
Recommended Executive Action
This is an “all-hands-on-deck” emergency. If your organization has not applied the hotfixes from Palo Alto Networks, you must assume you are compromised. Patching alone is not enough; you must immediately activate your incident response plan and hunt for indicators of compromise (IoCs).
