PAN-OS Authenticated Web Interface File-Read Exploit
CVE-2025-0111 Published on February 12, 2025
PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the nobody user.
Exposure can be greatly reduced by restricting access to the management web interface to trusted internal IP addresses only, following Palo Alto Networks' recommended best-practice deployment guidelines: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431
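The mitigation above is only as good as the permitted-IP list actually configured on the device. The following is an added example, not code from the page or from Palo Alto Networks, that audits the management-interface permitted-ip entries in a PAN-OS configuration export against an allowlist of trusted management networks. The XML shape (deviceconfig/system/permitted-ip/entry), the sample configuration and the trusted networks are all constructed assumptions; verify the element path against your own export before relying on it.

```python
"""Added example: audit PAN-OS management permitted-ip entries.

Assumed (not taken from the page): a PAN-OS config export carries the
management allowlist as <deviceconfig><system><permitted-ip><entry name="CIDR"/>.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample export with one entry that defeats the purpose of the list.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain">
    <deviceconfig><system>
      <permitted-ip>
        <entry name="10.20.30.0/24"/>
        <entry name="192.168.1.5"/>
        <entry name="0.0.0.0/0"/>
      </permitted-ip>
    </system></deviceconfig>
  </entry></devices>
</config>"""

# Constructed allowlist: the networks from which admins are expected to connect.
TRUSTED_MGMT_NETS = [
    ipaddress.ip_network("10.20.30.0/24"),
    ipaddress.ip_network("192.168.1.0/24"),
]


def permitted_ips(config_xml: str) -> list:
    """Return every permitted-ip entry as an ipaddress network object.
    A bare host address such as 192.168.1.5 becomes a /32."""
    root = ET.fromstring(config_xml)
    nets = []
    for entry in root.iterfind(".//deviceconfig/system/permitted-ip/entry"):
        nets.append(ipaddress.ip_network(entry.get("name"), strict=False))
    return nets


def audit(config_xml: str, trusted: list) -> list:
    """Flag an empty allowlist and any entry not contained in a trusted network."""
    nets = permitted_ips(config_xml)
    findings = []
    if not nets:
        # Assumption: with no permitted-ip entries the interface accepts any source.
        findings.append("no permitted-ip entries: management interface accepts any source")
    for net in nets:
        same_family = [t for t in trusted if t.version == net.version]
        if not any(net.subnet_of(t) for t in same_family):
            findings.append(f"{net} is not within a trusted management network")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, TRUSTED_MGMT_NETS):
        print("FINDING:", finding)
```

Run it against a real export and treat any finding as a gap in the mitigation; the 0.0.0.0/0 entry in the sample is exactly the kind of "temporary" allowance that silently re-exposes the interface.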
This issue does not affect Cloud NGFW or Prisma Access software.
Known Exploited Vulnerability
CVE-2025-0111 is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. CISA's entry describes it as an external control of file name or path vulnerability in Palo Alto Networks PAN-OS; successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the "nobody" user.
CISA's required action, due by March 13, 2025: apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable.
Timeline
Most recent entry first:
- Updated fix availability for PAN-OS 10.2 and 11.1
- Updated exploit status and solution table
- Updated fix availability for PAN-OS 10.2
- Added Threat Prevention Threat ID to Workarounds and Mitigations
- Initial Publication
Weakness Type
External Control of File Name or Path (CWE-73)
The software allows user input to control or influence the path or file name used in a filesystem operation, so a caller can direct a read (or write) at a file the application never intended to expose.
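To make the weakness class concrete, here is an added example (not PAN-OS code, and not derived from the actual vulnerable component) showing a request handler that splices a user-supplied file name into a path unchecked, beside a hardened version that resolves the path and verifies it is still confined to the intended directory. The directory layout, file names and "secret.conf" stand-in for a file readable by the service account are constructed for the demonstration.

```python
"""Added example: user-controlled file path, vulnerable and hardened readers.

Not code from PAN-OS or from the page; the files and directories are
constructed by demo() in a temporary tree.
"""
import os
import tempfile


def read_file_unsafe(base_dir: str, user_path: str) -> bytes:
    """Vulnerable pattern: the request parameter is joined onto base_dir with
    no confinement check, so '../' sequences or an absolute path escape it."""
    with open(os.path.join(base_dir, user_path), "rb") as fh:
        return fh.read()


def read_file_safe(base_dir: str, user_path: str) -> bytes:
    """Hardened pattern: resolve '..' and symlinks first, then require that the
    resolved target still lies under base_dir before opening it."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath() is a true directory-prefix test; a plain startswith() would
    # wrongly accept "/srv/www-evil" when base is "/srv/www".
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base}: {user_path!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(user_path)
    with open(target, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway tree and run both readers against a traversal payload.
    Returns the outcomes so they can be asserted on."""
    root = tempfile.mkdtemp()
    web = os.path.join(root, "web")
    os.mkdir(web)
    with open(os.path.join(web, "report.txt"), "wb") as fh:
        fh.write(b"public report")
    # Constructed stand-in for a file outside the web root that the service
    # account can read (the advisory's "readable by nobody" class of file).
    with open(os.path.join(root, "secret.conf"), "wb") as fh:
        fh.write(b"db_password=hunter2")

    payload = "../secret.conf"
    results = {
        "legit_safe": read_file_safe(web, "report.txt"),
        "unsafe_leak": read_file_unsafe(web, payload),
    }
    try:
        read_file_safe(web, payload)
        results["safe_blocked"] = False
    except PermissionError:
        results["safe_blocked"] = True
    try:
        # os.path.join() discards base_dir when the second argument is absolute.
        read_file_safe(web, os.path.join(root, "secret.conf"))
        results["safe_blocked_abs"] = False
    except PermissionError:
        results["safe_blocked_abs"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two caveats a reviewer would raise: the confinement check is still a check-then-open sequence, so on a directory an attacker can write to, a symlink swapped in between realpath() and open() could defeat it (open with O_NOFOLLOW or fstat the opened descriptor if that threat applies); and a confinement check is a floor, not a substitute for an allowlist of the specific files the interface is meant to serve.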
Products Associated with CVE-2025-0111
Affected Versions
Palo Alto Networks Cloud NGFW:
- All versions are unaffected.
Palo Alto Networks PAN-OS:
- Versions 10.1.0 and later, before 10.1.14-h9, are affected.
- Versions 10.2.0 and later, before 10.2.7-h24, are affected.
- Versions 11.1.0 and later, before 11.1.6-h1, are affected.
- Versions 11.2.0 and later, before 11.2.4-h4, are affected.
Palo Alto Networks Prisma Access:
- All versions are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.