CVE-2025-0108 is a critical authentication bypass in the PAN-OS GlobalProtect web management interface with a CVSS base score of 9.1 and EPSS at the 99.9th percentile, with confirmed active exploitation across multiple attack waves. Unauthenticated attackers with network reachability to the management plane can bypass access controls entirely. Organizations with internet-exposed PAN-OS management interfaces face immediate risk of unauthorized access and lateral movement into VPN-protected infrastructure.