Authenticated File Read Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2025-0111

5.9 MEDIUM

Key Information:

Vendor: Palo Alto Networks
CVE Published: 12 February 2025

Badges

👾 Exploit Exists · 🦅 CISA Reported · 📰 News Worthy

Summary

An authenticated attacker with network access to the PAN-OS management web interface can read files on the firewall's filesystem that are readable by the 'nobody' user. Depending on what is readable by that account, this can expose sensitive information. The "authenticated" qualifier should not be relied on in practice: the news items on this page describe the issue being chained with CVE-2025-0108, an authentication bypass in the same management web interface, which removes the credential requirement. Reduce the risk by upgrading to a fixed release and by restricting management web interface access to trusted internal IP addresses, as Palo Alto Networks' deployment best practices already recommend. Cloud NGFW and Prisma Access are not affected.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA tracks the most dangerous vulnerabilities; this one has been identified as exploited in the wild but is not known by CISA to be used in ransomware campaigns. That status is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

PAN-OS 10.1.0 < 10.1.14-h9

PAN-OS 10.2.0 < 10.2.7-h24

PAN-OS 11.1.0 < 11.1.6-h1
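Each line above reads "branch start < first fixed release": a device is affected when it runs a release on that branch older than the fixed release. The script below is an added example for triaging an inventory against those three ranges; it is not code from this page or from Palo Alto Networks. It assumes PAN-OS version strings of the form MAJOR.MINOR.PATCH with an optional "-hN" hotfix suffix, that a release without a suffix sorts before "-h1" of the same patch, and that a branch is identified by MAJOR.MINOR. The hostnames and versions in the sample inventory are constructed.

```python
"""Triage PAN-OS versions against the fixed releases listed for CVE-2025-0111.

Added example, not from the page or the vendor. Assumptions: versions look
like MAJOR.MINOR.PATCH[-hN]; a missing -hN suffix counts as hotfix 0; the
branch is MAJOR.MINOR; branches not listed on the page get "not listed".
"""
import re
from typing import Dict, NamedTuple, Optional, Tuple

# First fixed release per affected branch, exactly as listed on the page.
FIXED_RELEASES: Dict[Tuple[int, int], str] = {
    (10, 1): "10.1.14-h9",
    (10, 2): "10.2.7-h24",
    (11, 1): "11.1.6-h1",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    hotfix: int  # 0 when the string carries no -hN suffix

    @classmethod
    def parse(cls, text: str) -> "PanOsVersion":
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"not a PAN-OS version string: {text!r}")
        major, minor, patch, hotfix = m.groups()
        return cls(int(major), int(minor), int(patch), int(hotfix or 0))

    @property
    def branch(self) -> Tuple[int, int]:
        return (self.major, self.minor)


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one version string."""
    v = PanOsVersion.parse(version_text)
    fixed_text: Optional[str] = FIXED_RELEASES.get(v.branch)
    if fixed_text is None:
        # Branch not on the page's list; consult the vendor advisory instead.
        return "not listed"
    fixed = PanOsVersion.parse(fixed_text)
    # Tuple ordering compares (major, minor, patch, hotfix) left to right,
    # so 10.1.14 (hotfix 0) correctly sorts below 10.1.14-h9.
    return "affected" if v < fixed else "fixed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; not real devices.
    SAMPLE = {
        "fw-edge-1": "10.1.14-h8",
        "fw-edge-2": "10.1.14-h9",
        "fw-dc-1": "10.2.7",
        "fw-dc-2": "11.1.6-h1",
        "fw-lab": "11.2.3",
    }
    for host, status in triage(SAMPLE).items():
        print(f"{host:10s} {SAMPLE[host]:12s} {status}")
```

A result of "not listed" means only that the page does not cover that branch; check the vendor advisory before treating such a device as safe.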

News Articles

Palo Alto Networks vulnerabilities exploited in chained attack | Te...

Palo Alto Networks updated advisories for vulnerabilities CVE-2025-0111 and CVE-2025-0108 to warn customers of an exploit chain being used in attacks.

U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog.

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls

Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None

Timeline

  • 🦅 CISA Reported
  • 📰 First article discovered by Security Affairs
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

A customer and the Palo Alto Networks Deep Product Security Research Team.