
This new vulnerability brings to mind an almost identical Palo Alto Networks DoS issue from late 2024, CVE-2024-3393, that also put affected firewalls into maintenance mode. On that occasion, attackers found out about the issue before patches appeared, making it a zero-day vulnerability.
More recently, in December, threat intelligence company GreyNoise noticed an uptick in automated login attempts targeting both GlobalProtect and Cisco VPNs, while earlier in 2025, PAN-OS was affected by a serious zero-day flaw, CVE-2025-0108, that allowed attackers to bypass login authentication.
“According to Palo Alto Networks’ security advisories, the company has reported almost 500 vulnerabilities to date, many of which affected PAN-OS. A significant minority related to DoS issues,” a spokesperson for threat intelligence company Flashpoint observed. “[But] a notable portion of Palo Alto disclosures historically did not receive CVE identifiers, particularly older PAN-OS issues, which can complicate longitudinal comparison across vendors.”
