// For flags

CVE-2025-0111

Palo Alto Networks PAN-OS File Read Vulnerability

Severity Score

7.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Attend
*SSVC
Descriptions

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

*Credits: Émilio Gonzalez, Maxime Gaudreault, our Deep Product Security Research Team
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
None
None
Availability
None
None
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
None
None
Availability
None
None
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
High
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
None
None
Availability
None
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Active
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-12-20 CVE Reserved
  • 2025-02-12 CVE Published
  • 2025-02-20 Exploited in Wild
  • 2025-02-21 CVE Updated
  • 2025-03-13 KEV Due Date
  • 2025-06-02 EPSS Updated
  • ---------- First Exploit
CWE
  • CWE-73: External Control of File Name or Path
CAPEC
  • CAPEC-165: File Manipulation
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Palo Alto Networks
Search vendor "Palo Alto Networks"
Cloud Ngfw
Search vendor "Palo Alto Networks" for product "Cloud Ngfw"
*-
Affected
Palo Alto Networks
Search vendor "Palo Alto Networks"
Pan-os
Search vendor "Palo Alto Networks" for product "Pan-os"
*-
Affected
Palo Alto Networks
Search vendor "Palo Alto Networks"
Prisma Access
Search vendor "Palo Alto Networks" for product "Prisma Access"
*-
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Pan-os
Search vendor "Paloaltonetworks" for product "Pan-os"
*-
Affected