CVE-2025-0111: PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface

7.1 CVSS

Description

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue does not affect Cloud NGFW or Prisma Access software.

Known Exploited

🚨 Marked as known exploited on February 20th, 2025 (about 2 months ago).

Classification

CVE ID: CVE-2025-0111

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

Affected Products

Vendor: Palo Alto Networks

Product: Cloud NGFW

Exploit Prediction Scoring System (EPSS)

EPSS Score: 2.94% (probability of being exploited)

EPSS Percentile: 90.9% (scored less or equal to compared to others)

EPSS Date: 2025-03-13 (when was this score calculated)

References

https://security.paloaltonetworks.com/CVE-2025-0111

Timeline

2025-02-13 00:33:15 UTC
CVE

PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
2025-02-13 10:15:17 UTC
Palo Alto Networks Security Advisories

CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface (Severity: MEDIUM)
2025-02-18 23:15:20 UTC
Palo Alto Networks Security Advisories

CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface (Severity: HIGH)
2025-02-20 15:45:17 UTC
CISA KEV

Palo Alto Networks PAN-OS File Read Vulnerability
2025-02-20 15:46:41 UTC
🚨 Marked as Known Exploited