Unauthenticated File Deletion Vulnerability in Palo Alto Networks PAN-OS Management Interface
CVE-2025-0109
Summary
A vulnerability in the management web interface of Palo Alto Networks PAN-OS allows an unauthenticated attacker with network access to delete specific files, including certain logs and configuration files, as the 'nobody' user. System files remain unaffected, but the issue poses a risk to the integrity of log maintenance and configuration management. To mitigate this risk, restrict access to the management web interface to trusted internal IP addresses only, in line with the best practice guidelines published by Palo Alto Networks. This vulnerability does not impact Cloud NGFW or Prisma Access software.
Affected Version(s)
PAN-OS 10.1.0 < 10.1.14-h9
PAN-OS 10.2.0 < 10.2.7-h24
PAN-OS 11.1.0 < 11.1.6-h1
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved