Command Injection Vulnerability in Palo Alto Networks PAN-OS OpenConfig Plugin
CVE-2025-0110

7.5 HIGH

Key Information:

CVE Published: 12 February 2025

Badges

📈 Score: 1,070
👾 Exploit Exists

What is CVE-2025-0110?

CVE-2025-0110 is a command injection vulnerability affecting the Palo Alto Networks PAN-OS OpenConfig plugin. This vulnerability allows an authenticated administrator to send gNMI requests to the PAN-OS management web interface, enabling them to bypass system restrictions and execute arbitrary commands. The commands are executed with the privileges of the "__openconfig" user, who holds the Device Administrator role. If exploited, this vulnerability can significantly undermine the security posture of organizations relying on Palo Alto Networks firewalls, potentially leading to unauthorized access and operational disruptions.

Technical Details

The vulnerability stems from inadequate input validation within the OpenConfig plugin in PAN-OS. It is reachable when an authenticated administrator makes gNMI requests to the management web interface: commands injected through those requests are executed by the system, with the privileges of the "__openconfig" user. Because exploitation depends on reaching the management web interface, organizations need to safeguard access to it.

Potential Impact of CVE-2025-0110

  1. Unauthorized Command Execution: The ability to run arbitrary commands under the privileges of the "__openconfig" user can lead to significant unauthorized changes in the firewall configurations, potentially allowing attackers to alter security policies, access controls, or even disable critical protections.

  2. Privileged Access Compromise: Since commands are executed with the privileges of a Device Administrator, this vulnerability can lead to a complete compromise of the firewall's management functions, enabling attackers to further infiltrate the network.

  3. Operational Disruption: Exploitation of this vulnerability can result in unintended disruptions in network operations or service outages as critical firewall commands could be manipulated, leading to downtime or degradation of network services.

Affected Version(s)

PAN-OS OpenConfig Plugin 1.0.0 < 2.1.2

CVSS V4

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Google GDCE