Palo Alto Networks warns of zero-day in VPN product
2024-4-12 23:1:18 Author: therecord.media

Cybersecurity giant Palo Alto Networks is alerting customers that a zero-day vulnerability in its firewall tool is being exploited by hackers.

The company released an advisory on Friday morning about CVE-2024-3400 — a vulnerability in the popular GlobalProtect VPN product that was unknown to researchers until this week. The bug carries the highest severity score possible of 10.

Palo Alto Networks said that it “is aware of a limited number of attacks that leverage the exploitation of this vulnerability.”

The company did not respond to requests for comment about how many customers were affected, where they are based or who was behind the attacks.

A patch will be available to customers by Sunday, the advisory said. In the meantime, Palo Alto Networks provided several mitigations customers can take to protect themselves.

The bug was discovered by researchers at cybersecurity firm Volexity. That company’s president, Steven Adair, said Friday on social media that it discovered the initial attacks two days ago.

The Cybersecurity and Infrastructure Security Agency (CISA) added the GlobalProtect flaw to its list of known exploited vulnerabilities almost immediately, signaling urgency in the need for federal agencies to patch the bug. 

In a rare move, CISA gave federal civilian agencies just seven days to apply mitigations, a shortened timeline compared to the three weeks given to most bugs. 

VPN products have become frequent targets for attack by threat actors in recent years due to the expansion of remote work and the widespread use of the tools among governments.

Palo Alto was previously hit by a vulnerability in its firewall product in 2022 that was used in a distributed denial-of-service (DDoS) attack.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Article source: https://therecord.media/vpn-zero-day-palo-alto-networks