CVE-2025-0115: 
PAN-OS vulnerability analysis and mitigation

A vulnerability (CVE-2025-0115) was discovered in the Palo Alto Networks PAN-OS software that enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The vulnerability was disclosed on March 12, 2025, affecting multiple versions of PAN-OS including 11.2, 11.1, 11.0, 10.2, and 10.1. This issue does not affect Cloud NGFW or Prisma Access (PAN Advisory).

The vulnerability requires network access to the management interface (web, SSH, console, or telnet) and successful authentication to exploit. It has been assigned a CVSS 4.0 Base Score of 6.8 (MEDIUM) with vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber. The weakness is categorized as CWE-41: Improper Resolution of Path Equivalence and CAPEC-126 Path Traversal (PAN Advisory).

The vulnerability allows an authenticated administrator to read arbitrary files on the system, potentially exposing sensitive information. The impact is highest when management interface access is allowed from external IP addresses on the internet (PAN Advisory).

The issue has been fixed in PAN-OS versions 10.1.14-h11, 10.2.11, 11.0.6, 11.1.5, 11.2.3, and all later versions. As a mitigation, it is strongly recommended to secure access to the management interface according to Palo Alto Networks' critical deployment guidelines by restricting management interface access to only trusted internal IP addresses (PAN Advisory).

The vulnerability was discovered and reported by the Visa Cybersecurity team and Deloitte Romania, represented by Razvan Ilisanu and Matei "Mal" Badanoiu (PAN Advisory).