PT-2025-6776 · Palo Alto Networks · Pan-Os
Émilio Gonzalez +1 · Published 2025-02-12 · Updated 2026-03-23 · CVE-2025-0111
CVSS v4.0: 7.1 High (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red)
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks PAN-OS (affected versions not specified)
Description
An authenticated file read issue in the PAN-OS management web interface allows an authenticated attacker with network access to that interface to read files on the PAN-OS filesystem that are readable by the ‘nobody’ user. The issue is actively exploited in attacks. The number of potentially affected devices worldwide is not specified.
Recommendations
Restrict access to the management web interface to only trusted internal IP addresses according to recommended best practices.
Fix
Related Identifiers
Affected Products
Pan-Os