KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

7.1

CVSS
High

CVE-2025-0111

PUBLISHED

PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface

Exploited in the wild Remote Low complexity No user interaction

Vendor: Palo Alto Networks
Product: Cloud NGFW, PAN-OS, Prisma Access
Published: Feb 12, 2025
EPSS: —

Description

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

cisa edge nessus_scanner

CVSS scores

CVSS v4.0 7.1 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red

Exploitation status

Exploited in the wild

Recorded 2025-02-20 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

References

https://security.paloaltonetworks.com/CVE-2025-0111

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Feb 20, 2025

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/216174	Jun 02, 2025

Timeline

CVE ID Reserved

December 20, 2024
CVE Published to Public

February 12, 2025
Added to KEVIntel

February 20, 2025
Detected by Nessus

June 02, 2025