AI description
CVE-2025-0111 is an authenticated file read vulnerability found in Palo Alto Networks' PAN-OS software. This vulnerability allows an attacker with network access to the management web interface and valid credentials to read files on the PAN-OS filesystem that are accessible by the "nobody" user. The vulnerability does not impact Cloud NGFW or Prisma Access software. This vulnerability can be mitigated by restricting access to the management web interface to trusted internal IP addresses. Palo Alto Networks has released patches to address this vulnerability and recommends users update their systems as soon as possible.
- Description: An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
- Source: psirt@paloaltonetworks.com
- NVD status: Analyzed
CVSS 4.0
- Type: Secondary
- Base score: 7.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: Palo Alto Networks PAN-OS File Read Vulnerability
- Exploit added on: Feb 20, 2025
- Exploit action due: Mar 13, 2025
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-0111 Palo Alto Networks #PAN-OS File Read Vulnerability https://t.co/J3gX7INS79
@ScyScan
22 Feb 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Palo Alto firewalls are under attack—again. Hackers are chaining three vulnerabilities (CVE-2025-0108, CVE-2024-9474, CVE-2025-0111) to gain root access. The attack is low complexity & actively exploited. Patch now! More details 👉 https://t.co/54s5KO5vRk #Cybersecurity
@securityblvd
22 Feb 2025
130 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patches Power Pages Zero-Day (CVE-2025-24989) & Recent PAN-OS Flaw (CVE-2025-0111) Joins CISA KEV https://t.co/hs4eZew8QQ #security #feedly
@go_stripe
21 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Palo Alto Networks warns of active exploitation of critical vulnerabilities CVE-2025-0108 and CVE-2025-0111 in PAN-OS firewalls. Immediate remediation is crucial to prevent remote code execution. 🔒🚨 #PaloAlto #Firewalls #USA link: https://t.co/Vu6LRj7MQ2 https://t.co/ojqlzun2W
@TweetThreatNews
21 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack https://t.co/vlnHi1wVWs
@samilaiho
21 Feb 2025
493 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild https://t.co/o9oS8ULQuM
@the_yellow_fall
21 Feb 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. https://t.co/kBTdJnAFpQ
@blackwired32799
20 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Craft CMS code injection vulnerability, CVE-2025-23209, & Palo Alto Networks PAN-OS file read vulnerability, CVE-2025-0111, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks
@CISACyber
20 Feb 2025
4257 Impressions
12 Retweets
21 Likes
1 Bookmark
0 Replies
2 Quotes
Latest news on #Hacking: In the last 24 hours, sophisticated phishing methods, critical vulnerabilities in Ivanti and the manipulation of Signal by Russian hackers have been reported. In addition, Palo Alto warns about CVE-2025-0111 and ... 👉 https://t.co/Qg5oJWWlv0
@JaimeARestrepo_
20 Feb 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-0111: PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface ⚠️Hackers are chaining it with CVE-2025-0108 & CVE-2024-9474 to breach firewalls! ZoomEye Dork👉app="Palo Alto Networks PAN-OS Firewall" 3.7k+ results are found on ZoomEye. SHODA
@zoomeye_team
20 Feb 2025
389 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-0111: PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface ⚠️Hackers are chaining it with CVE-2025-0108 & CVE-2024-9474 to breach firewalls! ZoomEye Dork👉app="Palo Alto Networks PAN-OS Firewall" 3.7k+ results are found on ZoomEye. Zoom
@zoomeye_team
20 Feb 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks https://t.co/z8CPDJ0ZQu
@itsecuritynewsl
20 Feb 2025
32 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Have you updated your PAN-OS firewall? A file read vulnerability (CVE-2025-0111) is being exploited in combination with two other vulnerabilities (CVE-2025-0108 and CVE-2024-9474) to gain root privileges on an unpatched PAN-OS firewall. https://t.co/6FBudk6COp
@WRANCORP
20 Feb 2025
113 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. https://t.co/I1DIMQtMwb #rhymtech #thinkcyberthinkrhym #rhymcyberupdates
@Rhym_Tech
20 Feb 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Palo Alto Networks warns that a new exploit chain is actively being used against unpatched PAN-OS firewalls. Attackers are chaining CVE-2025-0108, CVE-2024-9474, and CVE-2025-0111 to gain root access and steal sensitive data. Despite patches being available https://t.co/SUfubA5Ye
@cyberbulletins
20 Feb 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Palo Alto Networks alerts of active exploits in PAN-OS firewalls affecting unpatched devices. CVE-2025-0111, CVE-2025-0108, and CVE-2024-9474 pose risks to sensitive data. #CISA #PaloAlto #USA link: https://t.co/BWFJjXMbtR https://t.co/fngIbmgBM5
@TweetThreatNews
19 Feb 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
5 Replies
0 Quotes
Palo Alto Networks has reported active exploitation of vulnerabilities in its PAN-OS software, specifically CVE-2024-9474 (6.9-rated) and CVE-2025-0108 (8.8-rated), which, when chained with CVE-2025-0111 (7. https://t.co/8s67C36hqT
@securityRSS
19 Feb 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [URGENT – HIGHEST PRIORITY] @PaloAltoNtwks Palo Alto Networks Confirms Active Exploits Chaining CVE-2025-0108, CVE-2024-9474 & CVE-2025-0111 PAN-OS Firewalls – IMMEDIATE ACTION REQUIRED! 🚨 Palo Alto Networks has updated its advisory, confirming that CVE-2025-0108 – an…
@L8on_Hargrave
19 Feb 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0111 An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface… https://t.co/vnjYzQhIej
@CVEnew
12 Feb 2025
300 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19D52DC1-4441-4C88-B209-9B86FCC2162F",
"versionEndExcluding": "10.1.14",
"versionStartIncluding": "10.1.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710",
"versionEndExcluding": "10.2.7",
"versionStartIncluding": "10.2.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9BD5E2D-61D2-4872-ACD1-D5B442CC809D",
"versionEndExcluding": "10.2.12",
"versionStartIncluding": "10.2.10"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "855047CA-ABFA-4F3D-AF98-245D14B75798",
"versionEndExcluding": "11.1.6",
"versionStartIncluding": "11.0.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7",
"versionEndExcluding": "11.2.4",
"versionStartIncluding": "11.2.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B41A7115-A370-49E1-B162-24803E6DD2CB"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65949A49-03A7-491C-B327-127F050AC4F6"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8ACB147-B4C1-4964-B538-EAA117CC6DC1"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6643574D-C024-440C-9392-004B7FA4498F"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7422F37D-7ABA-4BEC-8448-45A8F585D6F9"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D64390F-F870-4DBF-B0FE-BCDFE58C8685"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F70FC9DF-10C9-4AE5-B64B-3153E2E4E9E8"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3D6D552-6F33-496A-A505-5F59DF3B487B"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1ECD1DC-5A05-4E4F-97F5-136CE777FAB3"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "347E5938-24FF-4C2C-B823-988D34706E24"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C889402F-138A-45B9-BBCF-91FD18A0B810"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBA2B4FA-16C2-41B9-856D-EDC0CAF7A164"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5E6A893-2994-40A3-AF35-8AF068B0DE42"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D814F3A3-5E9D-426D-A654-1346D9ECE9B3"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C7E9211-7041-4720-B4B9-3EA95D425263"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEB258EE-2C6E-4A63-B04C-89C5F76B0878"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F481B0E-2353-4AB0-8A98-B0EFBC409868"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F7FC771-527F-4619-B785-6AE1F4722074"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCC2A6DA-EB48-42CD-9234-A80C3F6AEFAE"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "046874F8-7DA7-4E2A-99BF-509424E6CCBF"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E9EB9C6-78BA-4C66-A4BD-856BF27388CE"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D33A0FB-7538-42BF-84E8-7CCD7EEF9355"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB95D77F-1263-4D47-A0BB-94A6DA937115"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EA4C2A7-18CD-4232-B08C-99BEFE497A57"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "357B747E-F960-4AA9-8696-B3BD89933630"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FDB3D90-6656-49C5-9852-1F987BAEF0F9"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2B871A6-0636-42A0-9573-6F693D7753AD"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60CE628F-C4CB-4342-8D71-DE61A089B612"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52C50A07-F4D8-4F1F-BA61-3429BB1721BE"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30F4CD1C-6862-4279-8D2D-40B4D164222F"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"
}
],
"operator": "OR"
}
]
}
]