5.1
CVE-2025-0124
- EPSS 0.08%
- Published 11.04.2025 02:15:18
- Last modified 02.10.2025 15:16:35
- Source psirt@paloaltonetworks.com
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.
Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.14
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.10
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.6
Paloaltonetworks ≫ Pan-os Version >= 11.1.0 < 11.1.5
Paloaltonetworks ≫ Pan-os Version >= 11.2.0 < 11.2.1
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update -
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h1
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h10
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h2
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h3
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h4
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h5
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h6
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h7
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h8
Paloaltonetworks ≫ Pan-os Version 10.1.14 Update h9
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.234 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 3.8 | 1.2 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L |
psirt@paloaltonetworks.com | 5.1 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber |
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.