CVE-2025-0111
Published: 12 February 2025
Description
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. This issue does not affect Cloud NGFW or Prisma Access software.
Security Summary
CVE-2025-0111 is an authenticated file read vulnerability in the Palo Alto Networks PAN-OS software. It affects the management web interface, enabling an authenticated attacker with network access to read files on the PAN-OS filesystem that are readable by the “nobody” user. This issue does not affect Cloud NGFW or Prisma Access software and is associated with CWE-73 and CWE-610.
An authenticated attacker with low privileges and network access to the management web interface (CVSS vector AV:N/AC:L/PR:L/UI:N/S:U) can exploit this vulnerability to achieve high confidentiality impact (C:H), with no impact on integrity or availability (I:N/A:N). Exploitation allows reading potentially sensitive files accessible to the “nobody” user, as reflected in the CVSS v3.1 base score of 6.5 (Medium).
Palo Alto Networks advisories state that the risk can be greatly reduced by restricting management web interface access to only trusted internal IP addresses, per their recommended best practices at https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. Further details are available in the vendor security advisory at https://security.paloaltonetworks.com/CVE-2025-0111, and the vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0111.
Details
- CWE(s): CWE-73 (External Control of File Name or Path), CWE-610 (Externally Controlled Reference to a Resource in Another Sphere)
- KEV Date Added: 20 February 2025