CVE-2025-0111

Published Feb 12, 2025

Last updated a month ago

Exploit knownCVSS high 7.1

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0111 is an authenticated file read vulnerability found in Palo Alto Networks' PAN-OS software. This vulnerability allows an attacker with network access to the management web interface and valid credentials to read files on the PAN-OS filesystem that are accessible by the "nobody" user. The vulnerability does not impact Cloud NGFW or Prisma Access software. This vulnerability can be mitigated by restricting access to the management web interface to trusted internal IP addresses. Palo Alto Networks has released patches to address this vulnerability and recommends users update their systems as soon as possible.

Description
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
Source
psirt@paloaltonetworks.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks PAN-OS File Read Vulnerability
Exploit added on
Feb 20, 2025
Exploit action due
Mar 13, 2025
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@paloaltonetworks.com
CWE-73
nvd@nist.gov
CWE-610

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    9 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    7 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    3 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Palo Alto Networks warns hackers are exploiting a file read flaw. CVE-2025-0111, allows an authenticated actor with network access to the management web interface to read files in the PAN-OS operating system that are readable by the “nobody” user. https://t.co/awBu0EXtp3 https://

    @riskigy

    3 Mar 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    2 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    1 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    28 Feb 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    28 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    27 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    26 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-0111

    @transilienceai

    26 Feb 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Mise en garde de la CISA sur l'exploitation d'une faille de sécurité critique CVE-2025-0111 qui pourrait compromettre des données sensibles dans Palo Alto PAN-OS. https://t.co/1yDYfQxmtZ #.Confidentialité #.Exploitation #.Faille #CISA

    @NicolasCoolman

    24 Feb 2025

    21 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. https://t.co/Nqm37davkp #PaloAlto Networks warns that a file read #vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS #firewalls in active attacks.

    @NSIguy

    23 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-0111 Palo Alto Networks #PAN-OS File Read Vulnerability https://t.co/J3gX7INS79

    @ScyScan

    22 Feb 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Palo Alto firewalls are under attack—again. Hackers are chaining three vulnerabilities (CVE-2025-0108, CVE-2024-9474, CVE-2025-0111) to gain root access. The attack is low complexity & actively exploited. Patch now! More details 👉 https://t.co/54s5KO5vRk #Cybersecurity

    @securityblvd

    22 Feb 2025

    130 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Microsoft Patches Power Pages Zero-Day (CVE-2025-24989) & Recent PAN-OS Flaw (CVE-2025-0111) Joins CISA KEV https://t.co/hs4eZew8QQ #security #feedly

    @go_stripe

    21 Feb 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Palo Alto Networks warns of active exploitation of critical vulnerabilities CVE-2025-0108 and CVE-2025-0111 in PAN-OS firewalls. Immediate remediation is crucial to prevent remote code execution. 🔒🚨 #PaloAlto #Firewalls #USA link: https://t.co/Vu6LRj7MQ2 https://t.co/ojqlzun2W

    @TweetThreatNews

    21 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack https://t.co/vlnHi1wVWs

    @samilaiho

    21 Feb 2025

    493 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild https://t.co/o9oS8ULQuM

    @the_yellow_fall

    21 Feb 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. https://t.co/kBTdJnAFpQ

    @blackwired32799

    20 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🛡️ We added Craft CMS code injection vulnerability, CVE-2025-23209, & Palo Alto Networks PAN-OS file read vulnerability, CVE-2025-0111, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks

    @CISACyber

    20 Feb 2025

    4257 Impressions

    12 Retweets

    21 Likes

    1 Bookmark

    0 Replies

    2 Quotes

  22. Últimas noticias sobre #Hacking: En las últimas 24 horas, se han reportado sofisticados métodos de phishing, vulnerabilidades críticas en Ivanti y la manipulación de Signal por hackers rusos. Además, Palo Alto advierte sobre CVE-2025-0111 y se pres... 👉 https://t.co/Qg5oJWWlv0

    @JaimeARestrepo_

    20 Feb 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨🚨CVE-2025-0111: PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface ⚠️Hackers are chaining it with CVE-2025-0108 & CVE-2024-9474 to breach firewalls! ZoomEye Dork👉app="Palo Alto Networks PAN-OS Firewall" 3.7k+ results are found on ZoomEye. SHODA

    @zoomeye_team

    20 Feb 2025

    389 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨🚨CVE-2025-0111: PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface ⚠️Hackers are chaining it with CVE-2025-0108 & CVE-2024-9474 to breach firewalls! ZoomEye Dork👉app="Palo Alto Networks PAN-OS Firewall" 3.7k+ results are found on ZoomEye. Zoom

    @zoomeye_team

    20 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks https://t.co/z8CPDJ0ZQu

    @itsecuritynewsl

    20 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  26. Have you updated your PAN-OS firewall? A file read vulnerability (CVE-2025-0111) is being exploited in combination with two other vulnerabilities (CVE-2025-0108 and CVE-2024-9474) to gain root privileges on an unpatched PAN-OS firewall. https://t.co/6FBudk6COp

    @WRANCORP

    20 Feb 2025

    113 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  27. Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. https://t.co/I1DIMQtMwb #rhymtech #thinkcyberthinkrhym #rhymcyberupdates

    @Rhym_Tech

    20 Feb 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Palo Alto Networks warns that a new exploit chain is actively being used against unpatched PAN-OS firewalls. Attackers are chaining CVE-2025-0108, CVE-2024-9474, and CVE-2025-0111 to gain root access and steal sensitive data. Despite patches being available https://t.co/SUfubA5Ye

    @cyberbulletins

    20 Feb 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Palo Alto Networks alerts of active exploits in PAN-OS firewalls affecting unpatched devices. CVE-2025-0111, CVE-2025-0108, and CVE-2024-9474 pose risks to sensitive data. #CISA #PaloAlto #USA link: https://t.co/BWFJjXMbtR https://t.co/fngIbmgBM5

    @TweetThreatNews

    19 Feb 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  30. Palo Alto Networks has reported active exploitation of vulnerabilities in its PAN-OS software, specifically CVE-2024-9474 (6.9-rated) and CVE-2025-0108 (8.8-rated), which, when chained with CVE-2025-0111 (7. https://t.co/8s67C36hqT

    @securityRSS

    19 Feb 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 [URGENT – HIGHEST PRIORITY] @PaloAltoNtwks Palo Alto Networks Confirms Active Exploits Chaining CVE-2025-0108, CVE-2024-9474 & CVE-2025-0111 PAN-OS Firewalls – IMMEDIATE ACTION REQUIRED! 🚨 Palo Alto Networks has updated its advisory, confirming that CVE-2025-0108 – an…

    @L8on_Hargrave

    19 Feb 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. CVE-2025-0111 An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface… https://t.co/vnjYzQhIej

    @CVEnew

    12 Feb 2025

    300 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References