Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.10 / 11.0.x < 11.0.6 / 11.1.x < 11.1.5 / 11.2.x < 11.2.1 Vulnerability

🗓️ 09 Apr 2025 00:00:00Reported by TenableType

Palo Alto Networks PAN-OS versions before specified are vulnerable to authenticated file deletion attacks.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the PAN-OS operating system, related to incorrect external management of file names or file paths, allows a perpetrator to gain unauthorized access to protected information.	30 Jul 202500:00	–	bdu_fstec
Circl	CVE-2025-0124	9 Apr 202514:00	–	circl
CNNVD	Palo Alto Networks PAN-OS 安全漏洞	11 Apr 202500:00	–	cnnvd
CVE	CVE-2025-0124	11 Apr 202501:55	–	cve
Cvelist	CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface	11 Apr 202501:55	–	cvelist
EUVD	EUVD-2025-15137	3 Oct 202520:07	–	euvd
NVD	CVE-2025-0124	11 Apr 202502:15	–	nvd
OSV	CVE-2025-0124	11 Apr 202502:15	–	osv
Palo Alto Networks	PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface	9 Apr 202516:00	–	paloalto
RedhatCVE	CVE-2025-0124	13 Apr 202502:41	–	redhatcve

Source	Link
security	www.security.paloaltonetworks.com/CVE-2025-0124
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(234098);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/06/12");

  script_cve_id("CVE-2025-0124");
  script_xref(name:"IAVA", value:"2025-A-0257-S");

  script_name(english:"Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.10 / 11.0.x < 11.0.6 / 11.1.x < 11.1.5 / 11.2.x < 11.2.1 Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote PAN-OS host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h11 or 10.2.x prior to
10.2.10 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.5 or 11.2.x prior to 11.2.1. It is, therefore, affected by a
vulnerability.

    An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS software enables an
    authenticated attacker with network access to the management web interface to delete certain files as the
    nobody user; this includes limited logs and configuration files but does not include system files.

    The attacker must have network access to the management web interface to exploit this issue. You greatly
    reduce the risk of this issue by restricting access to the management web interface to only trusted
    internal IP addresses according to our recommended critical deployment guidelines
    (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-
    of-your-palo/ba-p/464431).

    This issue affects Cloud NGFW. However, this issue does not affect Prisma Access software.


Tenable has extracted the preceding description block directly from the PAN-OS security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2025-0124");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PAN-OS 10.1.14-h11 / 10.2.10 / 11.0.6 / 11.1.5 / 11.2.1 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:N/R:U/V:C/RE:M/U:Amber");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-0124");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(73);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/04/09");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version", "Host/Palo_Alto/Firewall/Source", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::palo_alto::initialize();

var app_name = 'Palo Alto Networks PAN-OS';

var app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var constraints = [
  { 'min_version' : '10.1.0', 'fixed_version' : '10.1.14-h11' },
  { 'min_version' : '10.2.0', 'fixed_version' : '10.2.10' },
  { 'min_version' : '11.0.0', 'fixed_version' : '11.0.6' },
  { 'min_version' : '11.1.0', 'fixed_version' : '11.1.5' },
  { 'min_version' : '11.2.0', 'fixed_version' : '11.2.1' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

12 Jun 2025 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.13.8

CVSS 45.1

EPSS0.00282

SSVC