CVSS 7.1
CVE-2025-0111
- EPSS 4.42%
- Published 12.02.2025 21:15:16
- Last modified 21.02.2025 14:50:23
- Source psirt@paloaltonetworks.com
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue does not affect Cloud NGFW or Prisma Access software.
Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.14
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.7
Paloaltonetworks ≫ Pan-os Version >= 10.2.10 < 10.2.12
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.1.6
Paloaltonetworks ≫ Pan-os Version >= 11.2.0 < 11.2.4
Paloaltonetworks ≫ Pan-os Version 10.1.14
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h2
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h4
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h6
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h8
Paloaltonetworks ≫ Pan-os Version 10.2.7
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h1
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h3
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h6
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h8
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h12
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h16
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h18
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h19
Paloaltonetworks ≫ Pan-os Version 10.2.7 Update h21
Paloaltonetworks ≫ Pan-os Version 10.2.8
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h3
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h4
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h10
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h13
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h15
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h18
Paloaltonetworks ≫ Pan-os Version 10.2.8 Update h19
Paloaltonetworks ≫ Pan-os Version 10.2.9
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h1
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h9
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h11
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h14
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h16
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h18
Paloaltonetworks ≫ Pan-os Version 10.2.9 Update h19
Paloaltonetworks ≫ Pan-os Version 10.2.12
Paloaltonetworks ≫ Pan-os Version 10.2.12 Update h1
Paloaltonetworks ≫ Pan-os Version 10.2.12 Update h2
Paloaltonetworks ≫ Pan-os Version 10.2.12 Update h3
Paloaltonetworks ≫ Pan-os Version 10.2.12 Update h4
Paloaltonetworks ≫ Pan-os Version 10.2.13
Paloaltonetworks ≫ Pan-os Version 10.2.13 Update h1
Paloaltonetworks ≫ Pan-os Version 10.2.13 Update h2
Paloaltonetworks ≫ Pan-os Version 11.1.6
Paloaltonetworks ≫ Pan-os Version 11.2.4
Paloaltonetworks ≫ Pan-os Version 11.2.4 Update h1
Paloaltonetworks ≫ Pan-os Version 11.2.4 Update h2
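The configuration list above mixes half-open version ranges with individual hotfix builds, and PAN-OS hotfix suffixes (h3, h12, h21) sort wrongly as strings. The following script is an added example, not Palo Alto Networks or NVD code: it parses PAN-OS build strings into numeric tuples and checks a firewall inventory against exactly the ranges and builds this page lists. The inventory hostnames and builds are constructed for the demo, and because the page carries no list of fixed builds, a build that is absent from the vulnerable set is reported as "not listed" rather than as fixed.

```python
"""Triage PAN-OS builds against the vulnerable set listed above for CVE-2025-0111."""
import re
from typing import Dict, Tuple

# (major, minor, maintenance, hotfix); hotfix 0 is the base build with no -hN suffix
Version = Tuple[int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse '10.2.7' or '10.2.7-h12' into a tuple that compares numerically.

    Comparing raw strings sorts '-h12' before '-h3'; integer tuples give the
    order an operator expects (h3 < h12), which matters when a fix lands in a
    two-digit hotfix.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


# Half-open ranges [start, end) transcribed from the NVD configuration above.
VULNERABLE_RANGES = [
    ("10.1.0", "10.1.14"),
    ("10.2.0", "10.2.7"),
    ("10.2.10", "10.2.12"),
    ("11.0.0", "11.1.6"),
    ("11.2.0", "11.2.4"),
]

# Individual builds the page lists as vulnerable: the bare version is the base
# build, '-hN' is hotfix N. Hotfixes not on the page are deliberately absent.
VULNERABLE_BUILDS = {parse_version(b) for b in (
    "10.1.14", "10.1.14-h2", "10.1.14-h4", "10.1.14-h6", "10.1.14-h8",
    "10.2.7", "10.2.7-h1", "10.2.7-h3", "10.2.7-h6", "10.2.7-h8", "10.2.7-h12",
    "10.2.7-h16", "10.2.7-h18", "10.2.7-h19", "10.2.7-h21",
    "10.2.8", "10.2.8-h3", "10.2.8-h4", "10.2.8-h10", "10.2.8-h13",
    "10.2.8-h15", "10.2.8-h18", "10.2.8-h19",
    "10.2.9", "10.2.9-h1", "10.2.9-h9", "10.2.9-h11", "10.2.9-h14",
    "10.2.9-h16", "10.2.9-h18", "10.2.9-h19",
    "10.2.12", "10.2.12-h1", "10.2.12-h2", "10.2.12-h3", "10.2.12-h4",
    "10.2.13", "10.2.13-h1", "10.2.13-h2",
    "11.1.6",
    "11.2.4", "11.2.4-h1", "11.2.4-h2",
)}


def classify(text: str) -> str:
    """'vulnerable' if the build falls in a listed range or is listed explicitly.

    Anything else is 'not listed': this page carries no list of fixed builds,
    so absence from the vulnerable set is not evidence that a build is fixed.
    """
    v = parse_version(text)
    for start, end in VULNERABLE_RANGES:
        if parse_version(start) <= v < parse_version(end):
            return "vulnerable"
    if v in VULNERABLE_BUILDS:
        return "vulnerable"
    return "not listed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each hostname in an inventory to its classification."""
    return {host: classify(build) for host, build in inventory.items()}


# Constructed sample inventory for the demo; hostnames and builds are made up.
SAMPLE_INVENTORY = {
    "fw-dc-01": "10.2.7-h12",
    "fw-dc-02": "10.2.7-h22",
    "fw-branch-03": "11.0.3",
    "fw-branch-04": "11.2.4-h2",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:12} {verdict}")
```

Note the range end "10.1.14" excludes both the 10.1.14 base build and its hotfixes, which is why the page lists those builds individually; the checker relies on the explicit set for them. Feed it the output of a real inventory export and confirm any "not listed" build against the vendor advisory before treating it as patched.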
20.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Palo Alto Networks PAN-OS File Read Vulnerability
Description: Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
Required actions: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 4.42% | 0.886 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
psirt@paloaltonetworks.com | 7.1 | n/a | n/a | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red |

CVSS 4.0 defines no separate exploitability and impact sub-scores, so the vendor row carries none. The 7.1 is the CVSS 4.0 base score (threat and environmental metrics are left undefined, E:X and M*:X); the trailing AU:N/R:U/V:C/RE:M/U:Red are the vendor's supplemental metrics and do not change the score.
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
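Both CWE entries describe the same failure: a name supplied by the client is used to pick a file without first confining it to the intended directory. The script below is an added, generic illustration in Python; it is not PAN-OS code and makes no claim about how the PAN-OS management interface handles paths. It puts the weak pattern next to a hardened read that resolves the path (collapsing ".." and following symlinks) before checking containment and an allowlist. The directory layout, file names and contents are constructed for the demo.

```python
"""Confined file read: the CWE-73 pattern beside a hardened version."""
import os
import shutil
import tempfile


def read_file_unsafe(base_dir: str, name: str) -> bytes:
    """CWE-73: the caller's name flows straight into the path.

    '../secret.txt' escapes base_dir, and a symlink inside base_dir can point
    anywhere the process user can read.
    """
    with open(os.path.join(base_dir, name), "rb") as f:
        return f.read()


def read_file_safe(base_dir: str, name: str, allowed: frozenset = frozenset()) -> bytes:
    """Resolve the path first, then check it is still inside base_dir.

    realpath() collapses '..' and follows symlinks, so the check sees the file
    that would actually be opened. commonpath() rather than startswith() keeps
    'export2' from passing as a child of 'export'. An optional allowlist of
    relative names narrows it further to the files the endpoint is meant to serve.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"{name!r} resolves outside {base_dir!r}")
    if allowed and os.path.relpath(target, base) not in allowed:
        raise PermissionError(f"{name!r} is not an exported file")
    with open(target, "rb") as f:
        return f.read()


def _attempt(fn, *args) -> str:
    """Run a read and report whether the containment check let it through."""
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "blocked"


def demo() -> dict:
    """Constructed layout: root/export/report.txt is served, root/secret.txt is not."""
    root = tempfile.mkdtemp()
    try:
        export = os.path.join(root, "export")
        os.mkdir(export)
        with open(os.path.join(export, "report.txt"), "wb") as f:
            f.write(b"quarterly report")
        with open(os.path.join(root, "secret.txt"), "wb") as f:
            f.write(b"secret outside export")

        results = {
            "unsafe_traversal": read_file_unsafe(export, "../secret.txt"),
            "safe_traversal": _attempt(read_file_safe, export, "../secret.txt"),
            "safe_legit": read_file_safe(export, "report.txt", frozenset({"report.txt"})),
            "safe_not_allowlisted": _attempt(
                read_file_safe, export, "report.txt", frozenset({"other.txt"})),
        }

        # Symlink inside the served directory pointing outside it: a plain
        # prefix check on the unresolved path would not catch this.
        link = os.path.join(export, "link.txt")
        try:
            os.symlink(os.path.join(root, "secret.txt"), link)
        except OSError:  # symlink creation may be unavailable (e.g. unprivileged Windows)
            results["safe_symlink"] = "skipped"
        else:
            results["unsafe_symlink"] = read_file_unsafe(export, "link.txt")
            results["safe_symlink"] = _attempt(read_file_safe, export, "link.txt")
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:22} {outcome!r}")
```

The containment check is the first layer; the second is the one the advisory text hints at with "readable by the nobody user": whatever the web process runs as bounds what a traversal can reach, so keep that account out of any group that can read configuration or credential material.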