CVE-2025-0124: 
PAN-OS vulnerability analysis and mitigation

CVE-2025-0124 is an authenticated file deletion vulnerability discovered in Palo Alto Networks PAN-OS® software. The vulnerability was disclosed on April 9, 2025, and affects multiple versions of PAN-OS and Cloud NGFW. The issue enables an authenticated attacker with network access to the management web interface to delete certain files as the "nobody" user, including limited logs and configuration files, but not system files (Palo Security).

The vulnerability has been assigned a CVSS Base Score of 5.1 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber. The vulnerability is classified under CWE-73: External Control of File Name or Path and CAPEC-165 File Manipulation. The attack requires high privileges and network access to the management web interface (Palo Security).

The vulnerability affects the integrity and availability of the system at a low level, allowing authenticated attackers to delete certain files including limited logs and configuration files. The impact is most significant when access to the management interface is allowed from external IP addresses on the internet. However, system files are not affected by this vulnerability (Palo Security).

Palo Alto Networks has released patches for affected versions. Users should upgrade to PAN-OS 11.2.1 or later, 11.1.5 or later, 11.0.6 or later, 10.2.10 or later, or 10.1.14-h11 or later. As a mitigation measure, organizations should restrict management interface access to only trusted internal IP addresses according to best practices deployment guidelines. This greatly reduces the risk of exploitation (Palo Security).

The vulnerability was discovered and reported by VISA, Inc., demonstrating collaborative security research within the industry. Palo Alto Networks has acknowledged and addressed the vulnerability through their security advisory program (Palo Security).