CVE-2025-0111
PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
In short
An authenticated attacker with access to the PAN-OS management web interface can read sensitive files from the system filesystem. This is concerning because it may expose configuration data, credentials, or other sensitive information stored on the device.
Technical detail
An authenticated file read vulnerability in the PAN-OS management web interface allows an attacker with valid credentials and network access to read arbitrary files with the permissions of the 'nobody' user. The attack vector is network-based through the web interface and requires prior authentication. The impact is potential disclosure of sensitive filesystem data that could aid further attacks.
Summary generated and translated by AI from the official description.
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue does not affect Cloud NGFW or Prisma Access software.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red
Affected products
Palo Alto Networks · Cloud NGFW
Palo Alto Networks · PAN-OS
Palo Alto Networks · Prisma Access