CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 13, 2025

CVE-2025-0111

High

EPSS 2.0%CISA KEV

Description

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

EPSS — Exploit Probability

2.0%

Higher than 83.6% of all CVEs

Required Action

https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 2.0%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Feb 20, 2025

Added to KEV

Feb 20, 2025

Remediation Due

Mar 13, 2025

Affected Product

Palo Alto Networks

PAN-OS

View all Palo Alto Networks CVEs

External Links

NVD (NIST)CVE Details MITRE CVE