CVE-2025-0111: Authenticated file read vulnerability in the PAN-OS management web interface could allow an authenticated remote attacker with network access to read files on the PAN-OS filesystem that are readable by the nobody user. The risk is greatest if the management interface is exposed to the internet or an untrusted network. This issue does not affect Cloud NGFW or Prisma Access.


Description

PAN-OS contains an authenticated file read vulnerability that enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the nobody user. Palo Alto Networks notes that restricting access to the management interface to trusted internal IP addresses significantly reduces the risk. An attacker may chain this vulnerability with other exploits (for example CVE-2025-0108) on unsecured PAN-OS web management interfaces. The issue does not affect Cloud NGFW or Prisma Access software. Remediation guidance emphasizes upgrading to fixed PAN-OS releases and applying best-practice access controls to management interfaces.

Overview

This CVE (CVE-2025-0111) is categorized as CWE-73 External Control of File Name or Path and is described as an authenticated file read vulnerability affecting PAN-OS; exploitation requires network access to the management web interface. The impact is limited to files readable by the nobody user. The CVSS assessments include a high base score of 7.1 (CVSS v4.0), reflecting remote, unauthenticated exposure under certain conditions, and a secondary metric indicating medium severity where higher privileges are required. The vulnerability affects multiple PAN-OS release trains, with fixes available in newer maintenance builds; the highest risk remains when management access is reachable from external networks. Palo Alto Networks notes that the vulnerability does not impact Cloud NGFW or Prisma Access. Exploit attempts have been observed chaining this vulnerability with other PAN-OS web management interface flaws on unsecured devices.

Remediation

Mitigation starts with restricting access to the management interface to trusted internal IP addresses or reaching it only via a jump box, thereby limiting exposure of the management web interface. In terms of patching, upgrade to the fixed PAN-OS releases as indicated: for PAN-OS 10.1, upgrade to 10.1.14-h9 or later; for PAN-OS 10.2, upgrade to 10.2.13-h3 or later (10.2.7-h24, 10.2.8-h21, 10.2.9-h21, 10.2.12-h6 and 10.2.13-h3 are cited as the fixed maintenance releases on that train); for PAN-OS 11.1, upgrade to 11.1.2-h18 or 11.1.6-h1 or later; and for PAN-OS 11.2, upgrade to 11.2.4-h4 or later. Note that PAN-OS 11.0 is end-of-life and no further fixes are planned for that release; if possible, migrate to a supported fixed version. Additional guidance recommends securing management access following best practices and leveraging Threat Prevention features where applicable.
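The upgrade thresholds above can be turned into an inventory check. The following Python is an added example written for this page, not code from Palo Alto Networks or from the vulnerability database vendor; it assumes version strings of the form major.minor.patch with an optional -hN hotfix suffix, and it compares only against the releases the advisory names, reporting anything else as needing attention rather than guessing.

```python
import re

# Fixed releases named in the Remediation section, keyed by release train:
# train -> list of (maintenance patch, hotfix) pairs; "or later" applies per train.
FIXED = {
    (10, 1): [(14, 9)],
    (10, 2): [(7, 24), (8, 21), (9, 21), (12, 6), (13, 3)],
    (11, 1): [(2, 18), (6, 1)],
    (11, 2): [(4, 4)],
}
EOL_TRAINS = {(11, 0)}  # end-of-life per the advisory: no fix planned, migrate instead

# Assumed version format: major.minor.patch with an optional "-h<N>" hotfix suffix.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version):
    """Return (major, minor, patch, hotfix); a missing hotfix counts as 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def assess(version):
    """Classify a device version against the listed fixes for its train."""
    major, minor, patch, hotfix = parse_version(version)
    train = (major, minor)
    if train in EOL_TRAINS:
        return "eol-no-fix"
    if train not in FIXED:
        return "unlisted-train"       # advisory names no fix for this train; check vendor
    latest_patch, _ = max(FIXED[train])
    if patch > latest_patch:
        return "fixed"                # newer than the train's last listed fix ("or later")
    for fix_patch, fix_hotfix in FIXED[train]:
        if patch == fix_patch:        # same maintenance release: hotfix level decides
            return "fixed" if hotfix >= fix_hotfix else "needs-upgrade"
    return "needs-upgrade"            # maintenance release with no listed fix


def recommended_target(version):
    """Smallest listed fix at or above the device's maintenance release, or None if fixed."""
    if assess(version) != "needs-upgrade":
        return None
    major, minor, patch, _ = parse_version(version)
    candidates = [f for f in FIXED[(major, minor)] if f[0] >= patch]
    fix_patch, fix_hotfix = min(candidates)
    return f"{major}.{minor}.{fix_patch}-h{fix_hotfix}"
```

Feed it the `sw-version` values from your firewall inventory; a device on a train the advisory does not list should be checked against the vendor advisory directly rather than assumed safe.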

References

  • https://security.paloaltonetworks.com/CVE-2025-0111
  • https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111
  • https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
  2. Health Care & Social Assistance: Medium
  3. Public Administration: Medium
  4. Retail Trade: Low
  5. Educational Services: Low
  6. Professional, Scientific, & Technical Services: Low
  7. Transportation & Warehousing: Low
  8. Finance and Insurance: Low
  9. Utilities: Low
  10. Arts, Entertainment & Recreation: Low
  11. Other Services (except Public Administration): Low
  12. Information: Low
  13. Management of Companies & Enterprises: Low
  14. Real Estate Rental & Leasing: Low
  15. Accommodation & Food Services: Low
  16. Agriculture, Forestry, Fishing & Hunting: Low
  17. Administrative, Support, Waste Management & Remediation Services: Low
  18. Construction: Low
  19. Mining: Low
  20. Wholesale Trade: Low
