Vulnerability Database

CVE-2025-0111

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431

This issue does not affect Cloud NGFW or Prisma Access software.

  • Published: Feb 12, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2025-0111
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

Software | From | Fixed in
paloaltonetworks / pan-os | 10.2.7-h6 | 10.2.7-h6.x
paloaltonetworks / pan-os | 10.2.7-h3 | 10.2.7-h3.x
paloaltonetworks / pan-os | 10.2.7-h1 | 10.2.7-h1.x
paloaltonetworks / pan-os | 10.2.7 | 10.2.7.x
paloaltonetworks / pan-os | 10.2.9 | 10.2.9.x
paloaltonetworks / pan-os | 10.2.8 | 10.2.8.x
paloaltonetworks / pan-os | 10.1.0 | 10.1.14
paloaltonetworks / pan-os | 10.1.14 | 10.1.14.x
paloaltonetworks / pan-os | 10.1.14-h2 | 10.1.14-h2.x
paloaltonetworks / pan-os | 10.1.14-h4 | 10.1.14-h4.x
paloaltonetworks / pan-os | 10.1.14-h6 | 10.1.14-h6.x
paloaltonetworks / pan-os | 10.2.7-h8 | 10.2.7-h8.x
paloaltonetworks / pan-os | 10.2.8-h3 | 10.2.8-h3.x
paloaltonetworks / pan-os | 10.2.9-h1 | 10.2.9-h1.x
paloaltonetworks / pan-os | 10.2.12 | 10.2.12.x
paloaltonetworks / pan-os | 10.2.12-h1 | 10.2.12-h1.x
paloaltonetworks / pan-os | 11.2.0 | 11.2.4
paloaltonetworks / pan-os | 11.2.4 | 11.2.4.x
paloaltonetworks / pan-os | 10.1.14-h8 | 10.1.14-h8.x
paloaltonetworks / pan-os | 10.2.0 | 10.2.7
paloaltonetworks / pan-os | 10.2.7-h12 | 10.2.7-h12.x
paloaltonetworks / pan-os | 10.2.7-h16 | 10.2.7-h16.x
paloaltonetworks / pan-os | 10.2.7-h18 | 10.2.7-h18.x
paloaltonetworks / pan-os | 10.2.7-h19 | 10.2.7-h19.x
paloaltonetworks / pan-os | 10.2.7-h21 | 10.2.7-h21.x
paloaltonetworks / pan-os | 10.2.8-h10 | 10.2.8-h10.x
paloaltonetworks / pan-os | 10.2.8-h13 | 10.2.8-h13.x
paloaltonetworks / pan-os | 10.2.8-h15 | 10.2.8-h15.x
paloaltonetworks / pan-os | 10.2.8-h18 | 10.2.8-h18.x
paloaltonetworks / pan-os | 10.2.8-h19 | 10.2.8-h19.x
paloaltonetworks / pan-os | 10.2.8-h4 | 10.2.8-h4.x
paloaltonetworks / pan-os | 10.2.9-h11 | 10.2.9-h11.x
paloaltonetworks / pan-os | 10.2.9-h14 | 10.2.9-h14.x
paloaltonetworks / pan-os | 10.2.9-h16 | 10.2.9-h16.x
paloaltonetworks / pan-os | 10.2.9-h18 | 10.2.9-h18.x
paloaltonetworks / pan-os | 10.2.9-h19 | 10.2.9-h19.x
paloaltonetworks / pan-os | 10.2.9-h9 | 10.2.9-h9.x
paloaltonetworks / pan-os | 10.2.10 | 10.2.12
paloaltonetworks / pan-os | 10.2.12-h2 | 10.2.12-h2.x
paloaltonetworks / pan-os | 10.2.12-h3 | 10.2.12-h3.x
paloaltonetworks / pan-os | 10.2.13 | 10.2.13.x
paloaltonetworks / pan-os | 10.2.13-h1 | 10.2.13-h1.x
paloaltonetworks / pan-os | 10.2.12-h4 | 10.2.12-h4.x
paloaltonetworks / pan-os | 10.2.13-h2 | 10.2.13-h2.x
paloaltonetworks / pan-os | 11.0.0 | 11.1.6
paloaltonetworks / pan-os | 11.1.6 | 11.1.6.x
paloaltonetworks / pan-os | 11.2.4-h1 | 11.2.4-h1.x
paloaltonetworks / pan-os | 11.2.4-h2 | 11.2.4-h2.x