CVE-2025-0124

Name of the Vulnerable Software and Affected Versions: PAN-OS versions (affected versions not specified)

Description: An authenticated file deletion issue in the PAN-OS software allows an authenticated attacker with network access to the management web interface to delete certain files as the nobody user. This includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. Restricting access to the management web interface to only trusted internal IP addresses can reduce the risk of this issue. This issue affects Cloud NGFW but does not affect Prisma Access software.

Recommendations: As a temporary workaround, consider restricting access to the management web interface to only trusted internal IP addresses according to the recommended critical deployment guidelines. At the moment, there is no information about a newer version that contains a fix for this vulnerability.