CVE-2025-0124

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.

CVSS v3 3.8 LOW

3.8^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-0124	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9::::::

History

02 Oct 2025, 15:16

Type	Values Removed	Values Added
First Time		Paloaltonetworks Paloaltonetworks pan-os
References	~~() https://security.paloaltonetworks.com/CVE-2025-0124 -~~	() https://security.paloaltonetworks.com/CVE-2025-0124 - Vendor Advisory
CPE		cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.8

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de eliminación de archivos autenticados en el software PAN-OS® de Palo Alto Networks permite que un atacante autenticado con acceso de red a la interfaz web de administración elimine ciertos archivos como usuario “nobody”; Esto incluye registros y archivos de configuración limitados, pero no incluye archivos del sistema. El atacante debe tener acceso a la red a la interfaz web de administración para explotar este problema. Puede reducir en gran medida el riesgo de que se produzca este problema al restringir el acceso a la interfaz web de administración solo a direcciones IP internas confiables de acuerdo con nuestras pautas de implementación crítica recomendadas https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. Este problema afecta a Cloud NGFW. Sin embargo, este problema no afecta al software Prisma® Access.

11 Apr 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-11 02:15

Updated : 2025-10-02 15:16

NVD link : CVE-2025-0124

Mitre link : CVE-2025-0124

CVE.ORG link : CVE-2025-0124

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-73

External Control of File Name or Path

3.8 /10