Palo Alto PAN-OS: Authenticated Admin File Read via CLI
CVE-2025-0115 Published on March 12, 2025

PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue does not affect Cloud NGFW or Prisma Access.


Timeline

Added recommended mitigation measures

Initial Publication

Weakness Type

Improper Resolution of Path Equivalence

The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.
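
The distinction drawn above, as an added example that is not part of the advisory and says nothing about how PAN-OS is implemented: a denylist that compares raw strings misses alternate spellings of a protected file, while a check on canonical paths catches them. The sandbox layout, file names and function names are constructed for illustration.

```python
import os
import tempfile


def naive_is_protected(requested, protected):
    """Weak check: exact string match against the protected names."""
    return requested in protected


def canonical_is_protected(requested, protected):
    """Hardened check: resolve '.', '..', repeated slashes and symlinks on
    both sides, so every spelling of one object maps to a single name."""
    canon = os.path.realpath(requested)
    return canon in {os.path.realpath(p) for p in protected}


def audit(root):
    """Return (naive, canonical) verdicts for constructed sample paths."""
    conf = os.path.join(root, "conf")
    secret = os.path.join(conf, "secret.key")  # constructed protected file
    os.makedirs(conf)
    with open(secret, "w") as fh:
        fh.write("constructed sample\n")
    protected = {secret}
    samples = [
        secret,                                   # the listed spelling
        os.path.join(conf, ".", "secret.key"),    # same file via "/./"
        conf + "//secret.key",                    # same file via "//"
        os.path.join(conf, "..", "conf", "secret.key"),  # same file via "dir/.."
        os.path.join(conf, "other.txt"),          # a different object
    ]
    return [(naive_is_protected(s, protected),
             canonical_is_protected(s, protected)) for s in samples]


def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit(root)


if __name__ == "__main__":
    for naive, canonical in demo():
        print(f"naive_blocks={naive} canonical_blocks={canonical}")
```

The policy decision and the subsequent file open should both use the canonical path, so the name that was checked is the name that is read.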


Products Associated with CVE-2025-0115


Affected Versions

Palo Alto Networks PAN-OS:
Palo Alto Networks Cloud NGFW:
Palo Alto Networks Prisma Access:

Exploit Probability

EPSS: 0.05%
Percentile: 13.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.