CVE-2025-0124

EUVD-2025-15137

11.04.2025, 02:15

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.

The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.8 LOW	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 65%

Affected Products (NVD)

Vendor	Product	Version
paloaltonetworks	pan-os	10.1.0 ≤ 𝑥 < 10.1.14
paloaltonetworks	pan-os	10.2.0 ≤ 𝑥 < 10.2.10
paloaltonetworks	pan-os	11.0.0 ≤ 𝑥 < 11.0.6
paloaltonetworks	pan-os	11.1.0 ≤ 𝑥 < 11.1.5
paloaltonetworks	pan-os	11.2.0 ≤ 𝑥 < 11.2.1
paloaltonetworks	pan-os	10.1.14
paloaltonetworks	pan-os	10.1.14:h1
paloaltonetworks	pan-os	10.1.14:h10
paloaltonetworks	pan-os	10.1.14:h2
paloaltonetworks	pan-os	10.1.14:h3
paloaltonetworks	pan-os	10.1.14:h4
paloaltonetworks	pan-os	10.1.14:h5
paloaltonetworks	pan-os	10.1.14:h6
paloaltonetworks	pan-os	10.1.14:h7
paloaltonetworks	pan-os	10.1.14:h8
paloaltonetworks	pan-os	10.1.14:h9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-73 - External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.

References

https://security.paloaltonetworks.com/CVE-2025-0124