Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.11 / 11.0.x < 11.0.6 / 11.1.x < 11.1.4-h17 / 11.2.x < 11.2.3 Vulnerability

🗓️ 12 Mar 2025 00:00:00Reported by TenableType

Palo Alto Networks PAN-OS versions before specified are vulnerable to unauthorized file access.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the command-line interface (CLI) of the PAN-OS operating system, which allows a perpetrator to gain unauthorized access to protected information	14 Apr 202500:00	–	bdu_fstec
Circl	CVE-2025-0115	12 Mar 202515:00	–	circl
CNNVD	Palo Alto Networks PAN-OS 安全漏洞	12 Mar 202500:00	–	cnnvd
CVE	CVE-2025-0115	12 Mar 202518:30	–	cve
Cvelist	CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI	12 Mar 202518:30	–	cvelist
EUVD	EUVD-2025-6655	3 Oct 202520:07	–	euvd
NVD	CVE-2025-0115	12 Mar 202519:15	–	nvd
Palo Alto Networks	PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI	12 Mar 202516:00	–	paloalto
RedhatCVE	CVE-2025-0115	14 Mar 202522:38	–	redhatcve
Vulnrichment	CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI	12 Mar 202518:30	–	vulnrichment

Source	Link
security	www.security.paloaltonetworks.com/CVE-2025-0115
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(232655);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/04/10");

  script_cve_id("CVE-2025-0115");
  script_xref(name:"IAVA", value:"2025-A-0165-S");

  script_name(english:"Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.11 / 11.0.x < 11.0.6 / 11.1.x < 11.1.4-h17 / 11.2.x < 11.2.3 Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote PAN-OS host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h11 or 10.2.x prior to
10.2.11 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.4-h17 or 11.2.x prior to 11.2.3. It is, therefore, affected by
a vulnerability.

    A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI
    to read arbitrary files.

    The attacker must have network access to the management interface (web, SSH, console, or telnet) and
    successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by
    restricting access to the management interface to only trusted users and internal IP addresses according
    to our recommended critical deployment guidelines (https://live.paloaltonetworks.com/t5/community-
    blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).

    This issue does not affect Cloud NGFW or Prisma Access.

Tenable has extracted the preceding description block directly from the PAN-OS security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2025-0115");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PAN-OS 10.1.14-h11 / 10.2.11 / 11.0.6 / 11.1.4-h17 / 11.2.3 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:N/R:U/V:C/RE:M/U:Green");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-0115");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(41);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version", "Host/Palo_Alto/Firewall/Source", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::palo_alto::initialize();

var app_name = 'Palo Alto Networks PAN-OS';

var app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var constraints = [
  { 'min_version' : '10.1.0', 'fixed_version' : '10.1.14-h11' },
  { 'min_version' : '10.2.0', 'fixed_version' : '10.2.11' },
  { 'min_version' : '11.0.0', 'fixed_version' : '11.0.6' },
  { 'min_version' : '11.1.0', 'fixed_version' : '11.1.4-h17' },
  { 'min_version' : '11.2.0', 'fixed_version' : '11.2.3' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

10 Apr 2025 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 46.8

EPSS0.00176

SSVC