CVE-2025-0111
Palo Alto Networks PAN-OS File Read Vulnerability
Public Exploits: 0
Exploited in Wild: Yes
Descriptions
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. This issue does not affect Cloud NGFW or Prisma Access software.
Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
CVSS Scores
SSVC
- Decision: Attend
Timeline
- 2024-12-20 CVE Reserved
- 2025-02-12 CVE Published
- 2025-02-20 Exploited in Wild
- 2025-02-21 CVE Updated
- 2025-03-13 KEV Due Date
- 2025-06-02 EPSS Updated
- ---------- First Exploit
CWE
- CWE-73: External Control of File Name or Path
CAPEC
- CAPEC-165: File Manipulation
References (1)
URL | Date | SRC |
---|---|---|
https://security.paloaltonetworks.com/CVE-2025-0111 | 2025-02-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Palo Alto Networks | Cloud Ngfw | * | - | Affected |
Palo Alto Networks | Pan-os | * | - | Affected |
Palo Alto Networks | Prisma Access | * | - | Affected |
Paloaltonetworks | Pan-os | * | - | Affected |