This is a PAN-OS issue tied to authentication and portal handling. Exploits show unauthenticated requests leading to deeper compromise, depending on configuration.
PoCs in the wild demonstrate full exploit chains against exposed firewall management interfaces.
Public PoCs: