External risk intelligence

Palo Alto Networks PAN-OS File Read Vulnerability

CVE advisory | Known Exploit

CVE-2025-0111

A vulnerability in Palo Alto Networks PAN-OS allows an authenticated attacker with network access to the management interface to read files readable by the “nobody” user. This could lead to unauthorized access to sensitive information, impacting data security and business operations. Organizations using affected versio

Halo Surface Signal: 4

Palo Alto Networks PAN-OS

  • 10.1.0 to before 10.1.14
  • 10.2.0 to before 10.2.7
  • 10.2.10 to before 10.2.12
  • 11.0.0 to before 11.1.6
  • 11.2.0 to before 11.2.4
  • 10.1.14, 10.2.7, 10.2.8, 10.2.9, 10.2.12, 10.2.13, 11.1.6, 11.2.4

External exposure likelihood

Halo Surface Signal score for CVE-2025-0111

This vulnerability affects the management web interface of PAN-OS appliances. While best practices dictate restricting access to internal networks, management interfaces for network appliances are commonly reachable or inadvertently exposed to the internet in many real-world deployments, making them a common target for external access.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability impacts Palo Alto Networks PAN-OS software. An authenticated attacker with network access to the management web interface could potentially read sensitive files on the system. This could lead to unauthorized access to information, potentially affecting business operations and data security.

  • PAN-OS management web interface
  • Flaw allows reading system files
  • Unauthorized data access

Attack Path

How an attacker could exploit the issue

An authenticated attacker with network access to the management web interface can exploit this vulnerability. The attacker initiates the process by gaining unauthorized access to the management interface. That access then allows them to read files from the PAN-OS filesystem that are readable by the "nobody" user, potentially exposing sensitive system information.

  • Network access to management interface
  • Authenticated attacker gains access
  • Attacker reads files

Live Threat

Current exploitation, exposure, and threat context

The identified vulnerability in Palo Alto Networks PAN-OS software allows an authenticated attacker to read sensitive files from the system. Exploitation requires network access to the management web interface, and the attacker could potentially gain unauthorized access to information. Organizations using affected versions should consider this a high-risk issue requiring immediate attention.

  • Likely attacker skill level: Low.
  • Required access or conditions: Authenticated, network access to management interface.
  • Business risk or urgency: High.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability allows an authenticated attacker with access to the management web interface to read files on the affected system. Exploiting this could expose sensitive information on the filesystem. Organizations using Palo Alto Networks PAN-OS should take immediate steps to identify and mitigate this risk. The vendor has provided guidance on how to reduce the risk by restricting access to the management web interface.

  • Identify PAN-OS assets with management access.
  • Restrict management web interface access.
  • Apply vendor fixes and validate.
  • Monitor for related security events.
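
For the identification and validation steps above, a version triage over an asset inventory can be scripted. The following is an added example, not code from the vendor or from this page. It assumes versions are written as `major.minor.patch` with an optional `-hN` hotfix suffix, and it treats the versions this page lists individually as needing a hotfix check against the vendor advisory, since the page gives no hotfix levels for them. The inventory is constructed.

```python
import re

# Affected ranges as listed on this page: (first affected, first version past the range).
AFFECTED_RANGES = [
    ("10.1.0", "10.1.14"), ("10.2.0", "10.2.7"), ("10.2.10", "10.2.12"),
    ("11.0.0", "11.1.6"), ("11.2.0", "11.2.4"),
]
# Versions the page lists individually, without a hotfix level (see assumption above).
LISTED_SINGLY = {"10.1.14", "10.2.7", "10.2.8", "10.2.9",
                 "10.2.12", "10.2.13", "11.1.6", "11.2.4"}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return ((major, minor, patch), hotfix) for strings such as '10.2.13-h3'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch)), int(hotfix or 0)


def triage(version):
    """Classify a version: 'affected', 'check-hotfix', 'not-listed' or 'unparsed'."""
    try:
        base, _hotfix = parse_version(version)  # hotfix is for the manual advisory check
    except ValueError:
        return "unparsed"  # never silently treat an unreadable version as safe
    for low, high in AFFECTED_RANGES:
        # Tuple comparison avoids the string-sort trap where "10.2.10" < "10.2.7".
        if parse_version(low)[0] <= base < parse_version(high)[0]:
            return "affected"
    if ".".join(map(str, base)) in LISTED_SINGLY:
        return "check-hotfix"
    return "not-listed"  # not in this page's list; not a statement that it is fixed


def triage_inventory(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"fw-edge-01": "10.2.5", "fw-dc-02": "11.1.6-h1",
          "fw-lab-03": "11.2.5", "fw-old-04": "10.1.x"}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```
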

Frequently asked questions

What is Palo Alto Networks PAN-OS software and its function?

PAN-OS is the operating system for Palo Alto Networks' network security appliances. It manages network traffic, enforces security policies, and provides essential network security functions.

What is the primary weakness in CVE-2025-0111?

CVE-2025-0111 is an authenticated file read vulnerability. This means an attacker who has already gained access to the system can exploit this flaw to read files they should not have access to, specifically those readable by the 'nobody' user on the PAN-OS system.

How can an attacker exploit CVE-2025-0111 in PAN-OS?

An attacker with authenticated network access to the management web interface can exploit this by reading files on the PAN-OS filesystem that are readable by the 'nobody' user.

What is the relevance of CVE-2025-0111 to organizations?

This vulnerability presents a significant risk as it allows unauthorized access to sensitive system files. Organizations using affected PAN-OS versions need to address this high-risk issue promptly to prevent potential data breaches and operational disruption.

What steps should be taken to address the PAN-OS vulnerability?

Organizations should identify PAN-OS assets with management access, restrict access to the management web interface to trusted users, and apply vendor-provided fixes and updates to mitigate the risk.
