[Palo Alto Networks Security Advisories] CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
Palo Alto Networks Security Advisories /CVE-2025-0115
CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
Description
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.
This issue does not affect Cloud NGFW or Prisma Access.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 11.2 | < 11.2.3 | >= 11.2.3 |
| PAN-OS 11.1 | < 11.1.5 | >= 11.1.5 |
| PAN-OS 11.0 | < 11.0.6 | >= 11.0.6 |
| PAN-OS 10.2 | < 10.2.11 | >= 10.2.11 |
| PAN-OS 10.1 | < 10.1.14-h11 | >= 10.1.14-h11 |
| Prisma Access | None | All |
Please note that PAN-OS 11.0, PAN-OS 10.0, PAN-OS 9.1, PAN-OS 9.0, and older releases have reached their software end-of-life (EoL) dates and are no longer evaluated for vulnerabilities and no fixes are planned. These versions are presumed to be affected.
Required Configuration for Exposure
No special configuration is required to be vulnerable to this issue.
Severity:MEDIUM, Suggested Urgency:MODERATE
CVSS-BT:4.3 /CVSS-B:6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-41: Improper Resolution of Path Equivalence
Solution
This issue is fixed in PAN-OS 10.1.14-h11, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
| Version | Minor Version | Suggested Solution |
|---|---|---|
| PAN-OS 11.2 | 11.2.0 through 11.2.2 | Upgrade to 11.2.3 or later |
| PAN-OS 11.1 | 11.1.0 through 11.1.4 | Upgrade to 11.1.5 or later |
| PAN-OS 11.0 | 11.0.0 through 11.0.5 | Upgrade to 11.0.6 or later |
| PAN-OS 10.2 | 10.2.0 through 10.2.10 | Upgrade to 10.2.11 or later |
| PAN-OS 10.1 | 10.1.0 through 10.1.14 | Upgrade to 10.1.14-h11 or later |
| All other older unsupported PAN-OS versions | Upgrade to a supported fixed version. |
Workarounds and Mitigations
No known mitigations or workarounds exist for this issue.
Acknowledgments
CPEs
cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
